We often find misleading to outright false information about WordPress plugin vulnerabilities coming from claimed security researchers. That frequently involves claims of non-existent vulnerabilities and, more problematically, false claims that real vulnerabilities have been fixed when they haven’t. We are now compiling information on claimed security researchers to help identify untrustworthy researcher and others trying to take advantage of the WordPress community.
Proper research involves providing details of claimed vulneraibilites and or a proof of concept, which allows others to understand the issue and for peer review to take place. It also involves making sure the issue is actually fixed before claimit it is fixed. Issues should not be reported to third-parties instead of the developers.