
That’s awesome, now can you find one that points to all the plugins that cause these security exploits? Because none of those are from the default WordPress install with the Standard plugins (ACF Pro, CPT UI, etc).


Here's one from this year: https://www.cvedetails.com/cve/CVE-2022-21664/

"SQL injection due to improper sanitization in WP_Meta_Query", fixed in WordPress itself:

https://bugzilla.redhat.com/show_bug.cgi?id=2039317

https://github.com/WordPress/wordpress-develop/commit/c09ccf...


Those are all related to WordPress core.

Plugins are categorized separately from WordPress on the CVE website.


THIS. Impressive how experienced developers and professionals fall for this fallacy all the time because, wait, they don't actually KNOW A THING about WordPress.


It’s an interesting semantic game, but ultimately not very revealing. The platform is what gave you the vulnerability; whether it was core, a theme, or a plug-in is a matter of trivia. Especially considering the plug-in “store” is curated. Contrary to your assessment, I’ve deployed quite a few things with WordPress before.



