A WordPress security company called “Plugin Vulnerabilities” has recently gone rogue in order to protest against moderators of WordPress’s official support forum. They’ve been publishing vulnerabilities in plugins without giving developers a chance to fix the problem before going public.
Doing so can put sites in danger – hackers are listening, and should this company find and publish a security hole in a plugin you’re using, the hackers can attack your site. Backups are critical! If you get caught in a zero-day exploit – so called because there are zero days available for the developer to fix the problem before it is announced to the world – you may need to revert to an earlier version of your site.