The WordPress Motors Car Dealer & Classified Ads plugin, which has 10,000+ active installations, was prone to multiple vulnerabilities in version 1.4.0 and below.

The WordPress Ultimate FAQ plugin, which has 30,000+ active installations, was prone to an unauthenticated options import vulnerability in version 1.8.24 and below.

The WordPress LifterLMS plugin , which has 9,000+ active installations, fixed a critical vulnerability in version 3.34.5 and earlier.

The WordPress Search Exclude plugin, which has 30,000+ active installations, was prone to two vulnerabilities that could allow any user to change its settings.

The WordPress WP Private Content Plus (9,000+ active installations) was prone to an unauthenticated options change vulnerability.