While looking an option update vulnerability in the plugin Kiwi Social Share we noticed that right above the code for that vulnerability was code that causes another vulnerability. That being an information disclosure vulnerability that allows anyone to view the contents of any WordPress option (setting).
Due to the moderators of the WordPress Support Forum’s continued inappropriate behavior we are full disclosing vulnerabilities in protest until WordPress gets that situation cleaned up, unfortunately so far that hasn’t happened. Instead they have continued apace doing downright strange stuff, like deleting people just saying thank you, and inappropriate stuff, like continuing to violate their own guidelines to promote certain security companies to clean up hacked websites (and lying in the process since the companies they promote as “reputable” are any but, as one of them lies all the time and the other doesn’t even attempt to properly clean up hacked websites). Now comes the time when their refusal to clean up their act is likely to have a huge consequence.