Just to clarify - we always recommend that users run the latest versions of their plugins and themes, and naturally, WordPress itself.
In this case, it appears that our security scanner identified an older version of WordPress Related Posts running on a VaultPress user's site. According to the following advisory, the older version has a security vulnerability:
The security notification identified 2.7.1 as the vulnerable version, but this was a typo. The vulnerable version is 2.6.1, and we've since updated our messaging to reflect this.
I hope this helps - thanks for bringing this to our attention!
-Chris from VaultPress