Welcome to the real world.
Every second of every day, script kiddies are constantly attempting to gain access to every IP address and open ports in the world. It's hard to get around forwarding ports (like for Plex), and it's something you've just got to deal with. At the end of the day, you're trusting Plex Inc to properly secure their system.
For other things like your Unifi controller etc that you've opened up to the world make sure you've got a damn secure password on it, and if you have the ability to only allow certain IPs (or ranges) then apply that.
Ideally, you should use a reverse proxy or even better a VPN (eg wireguard) for accessing the services, as then there will be yet another layer of security between you and the bad actors
The world is a dangerous place, and nowadays we've got a million apps on our phones to remotely access our various devices (Ring, Deco, Nest etc) and while none of them require ports opened, on each and every one of them you're trusting the company to properly secure those devices (and their own servers / apps) to prevent intrusions into your network) Each and every IoT device should be on your Guest wifi network and not on your actual wifi network unless its 100% necessary.