WordPress plugins with critical vulnerabilities, some already under attack

Security vulnerabilities with critical risk ratings are present in widespread WordPress plugins. One is already being attacked.