The WordPress Newsletter Manager plugin (5,000+ active installations) is prone to an insecure deserialization vulnerability affecting version 1.5.1 and below that could lead to unauthenticated PHP object injection.
Getting quickly informed when a security update is available in your themes or plugins is an important factor in keeping your website safe.
The WordPress ListingPro theme, which has 19,000+ sales on Envato Market, fixed a critical vulnerability that could allow an unauthenticated user to upload any file on the blog, among other issues.
The WordPress Easy WP SMTP plugin (500,000+ active installations) fixed a critical zero-day vulnerability affecting version 1.4.2 and below that could allow an unauthenticated user to reset the admin password among other issues.
The WordPress Secure File Manager plugin (1,000 active installations) is prone to an authenticated remote code execution vulnerability affect version 2.5 and below.