The WordPress GDPR Cookie Compliance plugin, which has 90,000+ active installations, fixed an authenticated settings deletion vulnerability affecting version 4.0.2 and below.

The WordPress Ultimate Addons for Elementor plugin fixed a critical zero-day vulnerability that could allow an unauthenticated user to gain administrator privileges via the AJAX API.

The WordPress Mesmerize (60,000+ active installations) and Materialis (10,000+ active installations) themes fixed a vulnerability that could allow authenticated users to modify WordPress core options in the database.

The WordPress IgniteUp/Coming Soon and Maintenance Mode plugin, which has 30,000+ active installations, was prone to multiple vulnerabilities in version 3.4 and below that could lead to arbitrary file deletion, stored XSS, information disclosure, HTML injection in email and CSRF, among a few other issues.

The WordPress Funnel Builder by CartFlows plugin, which has 30,000+ active installations, fixed a privilege escalation vulnerability affecting version 1.3.0 and below.