The WordPress WP Security Audit Log plugin (100,000+ active installations) fixed a vulnerability that could lead to privilege escalation, sensitive data exposure and insecure deserialization.
A few days ago, a developer fixed a vulnerability in several of their WooCommerce addon plugins. The vulnerability is severe because it allows the creation of new administrators, products, comments, orders and a few other things as well. It affects between 50,000 and 70,000 active installations.
The WordPress Flexible Checkout Fields for WooCommerce plugin, which has 20,000+ active installations, fixed a critical zero-day vulnerability affecting version 2.3.1 and below.
The WordPress GDPR Cookie Consent plugin, which has 700,000+ active installations, fixed a vulnerability affecting version 1.8.2 and below that could lead to authenticated stored XSS and privilege escalation.
The WordPress WPS Hide Login plugin (500,000 active installations) fixed a vulnerability in version 220.127.116.11 and below that could allow an attacker to bypass its security and access the secret login page.