WordPress deploys forced security update for dangerous bug in popular plugin
More than one million WordPress sites were running a vulnerable version of the Loginizer plugin.
Full story here: https://www.zdnet.com/article/wordpress-deploys-forced-security-update-for-dangerous-bug-in-popular-plugin/