CVE-2018-13136

The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt