The WordPress Ultimate Reviews plugin (2,000+ active installations) fixed an insecure deserialization vulnerability affecting version 2.1.32 and below that could lead to unauthenticated PHP object injection.
Fifteen WordPress themes were prone to critical unauthenticated function injection and privilege escalation vulnerabilities.
The WordPress Simple:Press plugin (600+ active installations) fixed a broken access control vulnerability affecting version 6.6.0 and below that could lead to unauthenticated arbitrary file upload and remote code execution.
Critical zero-day vulnerability fixed in WordPress File Manager (700,000+ installations). Update immediately.
The WordPress Kali Forms plugin (30,000+ active installations) fixed multiple vulnerabilities affecting version 2.1.2 and below.