CVE-2015-9392 (users_ultra_membership)

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter.
Source: NIST
CVE-2015-9392 (users_ultra_membership)