A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user.
WordPress 4.9.4 - DoS vulnerability from 4.9.228/02/2018
2.6 years ago.
#Op Black Friday23/11/2018
The big day is here.