Vulnerable Plugins
Somehow (thankfully) there has been only one public disclosure over the last two weeks: an Unauthenticated Arbitrary File Upload vulnerability in the Ultimate Member plugin that has been patched with version 2.0.23.
View this week's vulnerable plugins list.
An Unauthenticated Arbitrary File Upload is a critical vulnerability, so you should update this plugin as quickly as possible. PluginVulnerabilities.com has a good write-up on the specifics of the vulnerable code. If you are unable to patch, the issue can be partially mitigated by either preventing image uploading through the plugin (as described in the pluginvulnerabilties write-up) or by blocking php execution in the uploads directory (which you should be doing anyway).