https://www.pluginvulnerabilities.com/2017/06/26/information-disclosure-vulnerability-in-upicrm/
When it comes to areas where there is lot of room for better security in WordPress plugins, two that come to mind are the security of plugins that handle business related task and the security of personal information stored in plugins. Those came together in a vulnerability we happened to run run across in the plugin UpiCRM while looking into the
Source: Security Feed