If you are using any of hese plugins you should update your installations immediately.
- WooCommerce Store Toolkit Plugin (A plugin for WooCommerce made by Visser Labs, not the core product) version 1.5.6 contains a privilege escalation vulnerability. The vulnerability allows a registered user to delete all posts, comments, products, orders, media and more. Upgraded to version 1.5.7 immediately to fix this issue.
- WordPress User Meta Manager plugin version 3.4.6 contains an information disclosure vulnerability that allows an unprivileged user to download the user_meta table. It also contains a privilege escalation vulnerability that lets anyone upgrade themselves to admin along with a blind SQL injection vulnerability. These are fixed in 3.4.8. The fix was released within the last 24 hours. Upgrade immediately.
- The WP User Frontend plugin version 2.3.10 and older contains an unrestricted file upload vulnerability that allows anyone to upload a file to your WordPress installation. This is fixed in version 2.3.11 and newer (current version is 2.3.12). The fix was released within the past 24 hours. Upgrade immediately.
Upgrade immediately if you use any of these and please share this information with the larger WordPress community.