There haven’t been any recent changes to the WP Discourse SSO login code.
If manually creating the SSO record is fixing the issue, then the problem seems to be that the user IDs that are being sent from WordPress as the external_id don’t match the external IDs on the user’s Discourse SSO record. This can happen if a user’s account is deleted and then recreated on the WordPress site. I wouldn’t expect it to affect all users on a site though.
Another case the will cause problems when the require_activation parameter is set to true is for users who were created on Discourse prior to SSO being implemented. This would also affect users that were created on Discourse with the rake admin:create task.
If a site is using the default WordPress registration system, users will be registering through a form that looks like this:
Responding to the email that is sent after completing this registration form is what removes the require_activation flag for a user.
You can find instructions for disabling the require_activation flag in this post: How to turn off Discourse email verification? - #4 by simon.
You should try to confirm if other users on the site are able to login via SSO. The easiest way to do that would be to create a new account on the WordPress site with an email address that you have not yet used on the Discourse site. If you are able to login with a new account, that will make it easier to figure out what’s causing the problem.