9 Dec 2021

Wordfence’s Odd Takeaways From a Situation Involving a Very Insecure Plugin

Yesterday the WordPress-focused security company Wordfence disclosed a fixed vulnerability in the WordPress plugin RegistrationMagic. The vulnerability sounds concerning:

This flaw made it possible for unauthenticated attackers to login as any user, including administrative users, on an affected site as long as a valid username or email address was known to the attacker and a login form created with the plugin existed on the site.