The WordPress 404 to 301 plugin (100,000+ active installations) fixed a broken access control vulnerability affecting version 3.0.7 and below.
The WordPress Popular Posts plugin (300,000+ active installations) fixed an improper input validation vulnerability affecting version 5.3.2 and below that could lead to remote code execution.
Multiple WordPress plugins were found to be vulnerable to cross-site request forgery (CSRF) attacks.
The WordPress Kiwi Social Sharing plugin fixed a critical vulnerability affecting version 2.1.0 that could allow unauthenticated users to modify WordPress options in the database and take over the website.
Improper input validation in the WordPress Controlled Admin Access plugin (8,000+ active installations) affecting version 1.5.5 and below could lead to privilege escalation.