There are no publicly known security vulnerabilities at this time. With that said though, would you please send a report about that following this guide: https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/
I see. So I need a detailed report.
Problem is that I’m not the one that discovered the issue.
In the video on that page they did. But I suppose they are not interested in including their solution in main software, because that’s their business.
Could a WordPress admin contact them and maybe start a crowdfunding campaign to include their solution?
It doesn’t seem correct that main software has the flaws they are reporting. And their solution seems very promising. Because no matter if you have unsafe plugins, injection is not possible.
File the report with the security email address including just a link to what you found and your concerns. The security team will follow up.