The WordPress DELUCKS SEO plugin version 2.1.7 and below is prone to a vulnerability that is actively exploited by hackers.
The WordPress Motors Car Dealer & Classified Ads plugin, which has 10,000+ active installations, was prone to multiple vulnerabilities in version 1.4.0 and below.
The WordPress Ultimate FAQ plugin, which has 30,000+ active installations, was prone to an unauthenticated options import vulnerability in version 1.8.24 and below.
The WordPress LifterLMS plugin , which has 9,000+ active installations, fixed a critical vulnerability in version 3.34.5 and earlier.
The WordPress Search Exclude plugin, which has 30,000+ active installations, was prone to two vulnerabilities that could allow any user to change its settings.
The WordPress WP Private Content Plus (9,000+ active installations) was prone to an unauthenticated options change vulnerability.
A critical vulnerability in the WordPress Bold Page Builder plugin, which has 20,000+ active installations, has been exploited for the past 24 hours.
The WordPress CformsII plugin (10,000+ active installations) was prone to an HTML injection vulnerability that could be used to target the administrator.
The WordPress “Simple 301 Redirects Addon Bulk Uploader”, which has 20,000+ active installations, was prone to a unauthenticated options change vulnerability that could allow an attacker to redirect all URLs to a malicous website.
The WordPress ND Restaurant Reservations plugin (300+ active installations) was prone to a critical vulnerability that could allow an attacker to take over the blog and its database.