Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, open the door to site takeovers, researchers say. Nearly identical bugs are also found in the sister plug-in, Team Showcase, which has 66,000 installs. Both bugs are pending CVE numbers, and both are 7.5 out of 10 on the CvSS vulnerability scale. The fixed versions are Post Grid v. 2.0.73 and Team Showcases v. 1.22.16.16.
Source: https://threatpost.com/wordpress-plugin-flaws/159856/