Elementor Pro, a popular page builder plugin for WordPress, fixed a broken access control vulnerability affecting version 3.11.6 and below that could allow full site takeover.

The WordPress FlyingPress plugin fixed an authenticated broken access control vulnerability affecting version 3.9.6 and below.

8 WordPress plugins were prone to a high severity authenticated arbitrary plugin installation vulnerability, among other issues.

The WordPress Sparkling theme (30,000+ active installations) fixed a unauthenticated function injection vulnerability affecting version 2.4.8 and below.

WordPress AdSanity plugin is prone to a critical vulnerability affecting version 1.8.1 and below that could allow a low-privilege user to perform arbitrary file upload, remote code execution and stored cross-site scripting attacks.