A few weeks ago The Hacker News had an article about how some recently discovered flaws in two popular WordPress plugins. These plugins are used by several million WordPress sites and either could be exploited to eventually gain remote code execution (RCE) on the servers. The article didn't say if the researchers did the "responsible disclosure" thing and notified the authors, giving them time to fix the problem.
