The WordPress B2BKing plugin fixed a broken access control vulnerability that could allow customers to change the price of all products.
Elementor Pro, a popular page builder plugin for WordPress, fixed a broken access control vulnerability affecting version 3.11.6 and below that could allow full site takeover.
The WordPress FlyingPress plugin fixed an authenticated broken access control vulnerability affecting version 3.9.6 and below.
8 WordPress plugins were prone to a high severity authenticated arbitrary plugin installation vulnerability, among other issues.
The WordPress Sparkling theme (30,000+ active installations) fixed a unauthenticated function injection vulnerability affecting version 2.4.8 and below.