July 29, 2021 NinjaFirewall (WP+/WP) v4.4 The “Full WAF” mode can be configured to exclude some directories. That can be done from the “NinjaFirewall > Dashboard”…
The WordPress Advanced Shipment Tracking for WooCommerce (50,000+ active installations) fixed a critical vulnerability affection version 18.104.22.168 and below.
The WordPress Frontend File Manager plugin (2,000+ active installations) fixed multiple critical vulnerabilities affecting version 18.2 and below that could lead to content injection, privilege escalation, stored XSS, arbitrary file upload among several other issues.
Multiple WordPress plugins were found to be vulnerable to cross-site request forgery (CSRF) attacks.
The WordPress PWA for WP and AMP plugin (20,000+ active installations) fixed a critical broken access control vulnerability affecting version 1.7.32 and below that could lead to arbitrary file upload and remote code execution.