But we have – https://patchstack.com/database/ – you can find info about every vulnerability reported by our team or by our community and verified/triaged by our team.
Later, those vulnerabilities are either fixed by the plugin vendors (so the review team doesn’t have to do it on their own) or we inform them about them.
For example, we contacted the review team over 1000 times in October about closing themes and plugins.
So, saying we don’t contribute to the ecosystem is just hurtful.
