The security issue is described in the July 27, 2022 security advisory. I'm reasonably confident that no work is currently being done to resolve the issue.
The security team contacts plugin maintainers and gives them a reasonable time to fix the issue before they publish a security advisory. If the maintainer does not respond or does not provide the fix, then the advisory is published to note that there is a known issue in the plugin.
We'd love to have you or someone at your employer adopt the plugin, resolve the security issue, and release a new version of the plugin. There is a five part video series on adopting a plugin and a three part video series on resolving a vulnerability in a plugin. If you prefer written instructions, there is the "Contributing to Open Source" document that guides many of the same steps.
The security issue is described in the July 27, 2022 security advisory. I'm reasonably confident that no work is currently being done to resolve the issue.
The security team contacts plugin maintainers and gives them a reasonable time to fix the issue before they publish a security advisory. If the maintainer does not respond or does not provide the fix, then the advisory is published to note that there is a known issue in the plugin.
We'd love to have you or someone at your employer adopt the plugin, resolve the security issue, and release a new version of the plugin. There is a five part video series on adopting a plugin and a three part video series on resolving a vulnerability in a plugin. If you prefer written instructions, there is the "Contributing to Open Source" document that guides many of the same steps.