WordPress Ultimate Member Plugin Other Vulnerability - CVE-2022-3383
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to and including 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers with administrative capabilities to execute code on the server.