It is rather confusing, Graeme.
Much of the advice on the Internet relating to the security risk of having UPnP enabled is based on malware exploits from some time ago that have in most cases been fixed by the router manufacturers. I would hope that is the case with the VM routers.
The advantage of having it enabled is it allows software on the Internet to automatically have the router manage so-called “port forwarding” – the forwarding of communication ports – from your router to specific machines on your local network that are not (or should not be) visible to the Internet. Some software (which you may or may not be using) relies on this in order to work properly. Disabling the setting would prevent that auto-configuration from happening. If that is the case, you can manage the port forwarding manually in the router settings, but you need to know what you are doing there.
If you are ultra-paranoid you can disable it, at the risk of possibly breaking some programs that rely on it. Even if you do so, your local UPnP streaming will not be affected and will still work. Otherwise you can leave it enabled to ensure other things don’t break, and trust in Virgin Media to have fixed the security loopholes.
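
As an added example, not part of the original post: one way to review what UPnP has actually opened is to read the router's port-mapping entries and flag the ones worth a manual look. The sketch below parses constructed `GetGenericPortMappingEntry` responses (the UPnP IGD `WANIPConnection:1` action); the addresses, the LAN range and the list of sensitive ports are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: GetGenericPortMappingEntryResponse bodies as an IGD
# (WANIPConnection:1) returns them. Addresses and descriptions are made up.
TEMPLATE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost></NewRemoteHost>
   <NewExternalPort>{ext}</NewExternalPort>
   <NewProtocol>{proto}</NewProtocol>
   <NewInternalPort>{intp}</NewInternalPort>
   <NewInternalClient>{client}</NewInternalClient>
   <NewEnabled>1</NewEnabled>
   <NewPortMappingDescription>{desc}</NewPortMappingDescription>
   <NewLeaseDuration>{lease}</NewLeaseDuration>
  </u:GetGenericPortMappingEntryResponse>
 </s:Body>
</s:Envelope>"""
SAMPLES = [
    TEMPLATE.format(ext=51413, proto="TCP", intp=51413, client="192.168.0.20", desc="game console", lease=3600),
    TEMPLATE.format(ext=3389, proto="TCP", intp=3389, client="192.168.0.31", desc="unknown", lease=0),
    TEMPLATE.format(ext=8080, proto="TCP", intp=80, client="10.9.9.9", desc="cam", lease=7200),
]
SENSITIVE_PORTS = {22, 23, 445, 3389}  # admin/file-sharing services (assumed policy)

def parse_mapping(soap_xml):
    """Extract the New* fields of one port-mapping entry into a dict."""
    root = ET.fromstring(soap_xml)
    fields = {el.tag[3:]: (el.text or "") for el in root.iter() if el.tag.startswith("New")}
    for key in ("ExternalPort", "InternalPort", "LeaseDuration"):
        fields[key] = int(fields[key])
    return fields

def audit(mapping, lan="192.168.0.0/24"):
    """Return reasons why a mapping deserves a manual look (empty list = fine)."""
    reasons = []
    if ipaddress.ip_address(mapping["InternalClient"]) not in ipaddress.ip_network(lan):
        reasons.append("internal client outside LAN")
    if mapping["InternalPort"] in SENSITIVE_PORTS:
        reasons.append("exposes sensitive service port")
    if mapping["LeaseDuration"] == 0:  # 0 means the mapping never expires
        reasons.append("permanent lease")
    return reasons

if __name__ == "__main__":
    for xml_doc in SAMPLES:
        m = parse_mapping(xml_doc)
        print(m["ExternalPort"], m["Protocol"], "->", m["InternalClient"], audit(m) or "ok")
```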