Another one -https://www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgen-gallery-affect-over-800000-wordpress-sites/
Often plug-in code with Word Press php-based CMS is found to be not fully updated, patched, also often left (by developers).
New versions here were only installed by 27% of affected websites.
polonus