CVE-2015-9402

The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt