The WordPress GDPR Cookie Consent plugin, which has 700,000+ active installations, fixed a vulnerability affecting version 1.8.2 and below that could lead to authenticated stored XSS and privilege escalation.

The WordPress WPS Hide Login plugin (500,000 active installations) fixed a vulnerability in version 1.5.4.2 and below that could allow an attacker to bypass its security and access the secret login page.

The WordPress 2J SlideShow plugin, which has 3,000+ active installations, fixed an authenticated arbitrary plugin deactivation vulnerability affecting version 1.3.31 and below.

The WordPress Ape Gallery plugin, which has 6,000+ active installations, fixed an authenticated arbitrary plugin deactivation vulnerability affecting version 2.0.6 and below.

The WordPress GDPR Cookie Compliance plugin, which has 90,000+ active installations, fixed an authenticated settings deletion vulnerability affecting version 4.0.2 and below.