There are nineteen issues this week, with five unfixed. The most critical this week is the Sensitive Information Disclosure, Arbitrary File Deletion, and multiple Cross-Site Scripting vulnerabilities in Ultimate Member discovered by Sucri earlier this week. There was also a Local File Inclusion vulnerability disclosed in Photo Gallery by 10Web that does not appear to be fixed yet (as of the time of this post).
Again, want to give a giant “thank you” to Pat Lockley for helping me compile this week’s list!
Edit: added one more vulnerability to this week’s list.