WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability - CVE-2020-36156
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g. Administrator) during a profile update and effectively escalate their privileges.