There is a CSRF Vulnerability in a WordPress Plugin with 80,000+ Installs Developed by One of The Six People Running the Plugin Directory
A core problem with the handling of security issues in WordPress plugins is the team running the Plugin Directory, who have shown themselves not up to the task of handling the role they are in. Part of that is an inability to work with others to fix the problems the team is causing. That seems in part due to a belief that they have capabilities they don't. You can get a taste of that from the bio of one of the members, which reads in part:
Fundamentally, I started using WordPress because I was bored at work. So I started messing around on the forums, reading questions, finding the answers by reading the code, and then by answering the questions for others. Do that for a year and you will know everything there is to know about the code.