The WordPress Ape Gallery plugin, which has 6,000+ active installations, fixed an authenticated arbitrary plugin deactivation vulnerability affecting version 2.0.6 and below.
The WordPress GDPR Cookie Compliance plugin, which has 90,000+ active installations, fixed an authenticated settings deletion vulnerability affecting version 4.0.2 and below.
Over the past six months, we have reported quite a lot of vulnerabilities that we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for developers.
The WordPress Ultimate Addons for Elementor plugin fixed a critical zero-day vulnerability that could allow an unauthenticated user to gain administrator privileges via the AJAX API.
The WordPress Mesmerize (60,000+ active installations) and Materialis (10,000+ active installations) themes fixed a vulnerability that could allow authenticated users to modify WordPress core options in the database.