May 19, 2020 NinjaFirewall (WP+/WP) v4.2.1 Fixed a bug introduced in version 4.2 where a user such as an editor could potentially be blocked while editing…
The Visual Composer plugin for WordPress (80,000+ active installations) fixed multiple stored XSS vulnerabilities affecting version 26.0 and below.
The WordPress Login/Signup Popup plugin, which has 10,000+ active installations, fixed a zero-day vulnerability affecting version 1.4 and below.
The Elementor Pro plugin for WordPress is prone to a critical zero-day vulnerability affecting version 2.9.3 and below.
Elementor Page Builder (4+ million installations), was prone to a broken access control vulnerability affecting version 2.9.7 and below that could lead to stored XSS vulnerability via SVG image upload.