The WordPress Advanced Shipment Tracking for WooCommerce (50,000+ active installations) fixed a critical vulnerability affection version 22.214.171.124 and below.
The WordPress PWA for WP and AMP plugin (20,000+ active installations) fixed a critical broken access control vulnerability affecting version 1.7.32 and below that could lead to arbitrary file upload and remote code execution.
The WordPress 404 to 301 plugin (100,000+ active installations), fixed a broken access control vulnerability affecting version 3.0.7 and below.
The WordPress Kiwi Social Sharing plugin fixed a critical vulnerability affecting version 2.1.0 that could allow unauthenticated users to modify WordPress options in the database and take over the website.
The WordPress Flo Forms plugin (10,000+ installations) fixed a critical zero-day vulnerability affecting version 1.0.35 and below that could allow the attacker to take over the website and its database.