wpvulndb | Ethicalhack3r | WPVDB-ID:299E5A22-344A-4028-AC60-E04CF1F49676
Dec 02, 2015 - 12:00 a.m.

Users Ultra Membership Plugin <= 1.5.62 - Authenticated Stored Cross-Site Scripting (XSS) & CSRF

wpscan.com

EPSS: 0.001 (percentile: 31.7%)

Both the p_name and p_desc parameters are vulnerable. The form has no nonce, so it is also vulnerable to CSRF. The original researcher’s PoC does not work, because all of the parameters need to be submitted, not just the p_name parameter.
