27 vulnerabilities this week, with 4 unfixed, but 1 being worked on. WooCommerce PayU India (PayUmoney – PayUbiz) , Instamojo for WooCommerce and DW Mega Menu are all closed and show no sign of a fix - Ovic Addon Toolkit is closed, but is being worked on. It is an arbitrary file deletion vulnerability, so do take care if you don't remove or disable it.
View this week’s vulnerable plugins list