My question being; I'm a recent WordPress convert that has become quite smitten with utilizing the underlying core to power one-off CMS jobs. I've noticed the WP security blog has been quite dark of late; is there any activity within the community to fix these holes? Where is the transparency? Is the large number of defects anything that WP admins and users should be concerned about?
I hate to be doom and gloom, but I will admit that the high number of SQL injection vulnerabilities in the application grossly concerns me.