WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Plugin Ultimate Member 2.5.0 and earlier versions contain a security vulnerability that originates in the Template Handle component’s include/ core/class-shortcodes.php file of the Template Handle component. An attacker could use this vulnerability to cause pathname traversal by manipulating the parameter tpl.