The WordPress TI WooCommerce Wishlist plugin (70,000+ installations) fixed a critical Zero-Day vulnerability affecting version 1.21.11 and below that could allow an attacker to take over the blog and its database.

Fifteen WordPress themes were prone to critical unauthenticated function injection and privilege escalation vulnerabilities.

Additional WordPress plugins and themes were found to be vulnerable to CSRF attacks.

The WordPress Simple:Press plugin (600+ active installations) fixed a broken access control vulnerability affecting version 6.6.0 and below that could lead to unauthenticated arbitrary file upload and remote code execution.

Twenty five plugins for WordPress were found to be vulnerable to cross-site request forgery (CSRF) attacks.