Developers have identified a number of vulnerabilities in Easy Registration Forms (CVE-2021-39353), Preview E-Mails for WooCommerce (CVE-2021-42363), Starter Templates (CVE-2021-42360), Popular Posts (CVE-2021-42362), Contact Form Email (CVE-2021-42361) Wordpress plugins. These vulnerabilities allow an attacker to delete arbitrary publications without authentication, save cross-site scripts, download arbitrary files, perform cross-site scripting (XSS) for arbitrary commands.

Source: wordfence.com