WordPress SEO by Yoast
According to thewhir.com, millions of WordPress installations are at risk of blind SQL injection through the WordPress SEO plugin by Yoast. For a detailed technical description of the vulnerability, click here. In short, versions 18.104.22.168 and older are vulnerable and considered very risky. The issue was resolved in version 1.4. If you are running WordPress SEO, please make sure it is up to date ASAP. You may refer to the same WordPress.org guide on managing plugins, or you may click here for Yoast’s own instructions.
FancyBox for WordPress
This vulnerability may allow for a SQL injection attack or a privilege escalation attack. Both are quite serious and could allow a malicious user to interfere with your software and/or content. Click here for more information.
There is also a statement on WordPress.org about this issue and the need to update the plugin:
Beyond the recommendations outlined above, please also take a moment to look over your domains for any possible negative side effects of using either of the aforementioned plugins. It is also a good idea to review your WordPress user list to check for any signs that an outside party has gained access.
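One way to carry out the user-list review described above, as an added example that is not part of the original advisory. It assumes a CSV export in the shape produced by WP-CLI's `wp user list --fields=ID,user_login,user_email,user_registered,roles --format=csv`; the sample rows, the list of known accounts and the review date are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample, shaped like the WP-CLI CSV export named in the lead-in.
SAMPLE_EXPORT = """ID,user_login,user_email,user_registered,roles
1,siteowner,owner@example.com,2013-06-01 09:12:44,administrator
2,editor_amy,amy@example.com,2014-01-15 17:30:02,editor
7,wpsupport,support@example.net,2015-03-14 02:41:09,administrator
9,newsub,sub@example.org,2015-03-15 11:05:51,subscriber
12,backup_admin,ba@example.net,2015-03-14 02:43:30,"editor,administrator"
"""

# Roles that can change site content or settings.
PRIVILEGED_ROLES = {"administrator", "editor"}


def review_users(export_text, known_logins, since):
    """Return (login, reasons) pairs for accounts that deserve a manual look."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        # A user can hold several roles; the export lists them comma-separated.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if roles & PRIVILEGED_ROLES and row["user_login"] not in known_logins:
            reasons.append("privileged account not on the known list")
        if registered >= since:
            reasons.append("registered on or after " + since.date().isoformat())
        if reasons:
            findings.append((row["user_login"], reasons))
    return findings


if __name__ == "__main__":
    known = {"siteowner", "editor_amy"}   # assumption: accounts you created yourself
    window_start = datetime(2015, 3, 1)   # assumption: start of the period to review
    for login, reasons in review_users(SAMPLE_EXPORT, known, window_start):
        print(login + ": " + "; ".join(reasons))
```

Any account it reports should be checked by hand against your own records before you change or delete it.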