While we try to be proactive in preventing security problems, we do not assume they’ll never come up. It is standard practice to responsibly and privately disclose to the vendor (the WordPress core development team, in this case) a security problem before publicizing, so a fix can be prepared, and damage from the vulnerability minimized. … Continue reading Reporting Security Vulnerabilities