8 WordPress plugins were prone to a high severity authenticated arbitrary plugin installation vulnerability, among other issues.
The WordPress Sparkling theme (30,000+ active installations) fixed a unauthenticated function injection vulnerability affecting version 2.4.8 and below.
The WordPress JobSearch WP Job Board plugin (1,600+ sales on Envato) fixed a broken access control vulnerability in version 1.8.1 and below that could allow users to take over the website and its database.
16 WooCommerce product add-ons plugins fixed a critical broken access control vulnerability that could allow customers to take over the website and its database.
The WooCommerce Multi Currency plugin (7,700+ sales on Envato) fixed a broken access control vulnerability in version 2.1.17 and below that could allow customers to change the price of all products.