The WordPress Easy WP SMTP plugin (500,000+ active installations) fixed a critical zero-day vulnerability affecting version 1.4.2 and below that could allow an unauthenticated user to reset the admin password among other issues.

The WordPress Secure File Manager plugin (1,000 active installations) is prone to an authenticated remote code execution vulnerability affect version 2.5 and below.

The WordPress Ultimate Reviews plugin (2,000+ active installations) fixed an insecure deserialization vulnerability affecting version 2.1.32 and below that could lead to unauthenticated PHP object injection.

The WordPress GDPR CCPA Compliance Support plugin (1,000+ active installations) fixed an insecure deserialization vulnerability affecting version 2.1 and below that could lead to unauthenticated PHP object injection.

The WordPress TI WooCommerce Wishlist plugin (70,000+ installations) fixed a critical Zero-Day vulnerability affecting version 1.21.11 and below that could allow an attacker to take over the blog and its database.