According to researchers, an unpatched vulnerability in a popular WordPress plugin called the WooCommerce Checkout Manager extension is potentially putting more than 60,000 websites at risk.
The WooCommerce Checkout Manager plugin allows users to customize and manage the fields on their checkout pages.
This plugin has been removed from the WordPress plugin repository. When you visit the plugin's page, the following notice will appear: "This plugin was closed on April 26, 2019 and is no longer available for download."
Users are urged to disable or uninstall this plugin ASAP. You might consider using YITH WooCommerce Checkout Manager instead.
With YITH's plugin, you can add or remove fields, both text and check box, date picker, select and radio button in an easy way. Furthermore, you can set a different style for data insertion fields, manage error messages and change their disposition.
Also, Yellow Pencil Visual Theme Customizer has been removed from the WordPress plugin repository due a vulnerability. The vulnerability was fixed in 7.2.0 version (The latest version is 7.2.1.)
You might want to install and activate a security plugin such as iThemes Security or Wordfence Security.