Vulnerable Plugins
There are nineteen issues this week, with five unfixed. The most critical this week are two Arbitrary File Upload vulnerabilities in Finale WooCommerce Sale Countdown (fix available) and in LionScripts IP Blocker Lite (unfixed, remove immediately) plugins, an Authenticated Arbitrary File Upload vulnerability in Shipping Servientrega Woocommerce (unfixed, remove immediately), and an Authenticated Code Execution vulnerability in Insert or Embed Articulate Content into WordPress (fix available as of June 24. 2019).
EDIT: Corrected information on Embed Articulate Content into WordPress to indicate fix available as of June 24, 2019.