[guypod]

I think it's an absolute statement about the lack of awareness to this risk.

Of course some of these site would not actually be vulnerable, but I would bet the vast majority of them don't even know they're using a library with a known vulnerability.

[wesleytodd]

Agreed, but the tools (nsp) are there to make it simple to know. Devs who are not going to update/patch are not the target here, so making big claims like this does not strongly add to the conversation IMO.

Also, this is nothing new on the web, the amount of wordpress sites with known voulns is probably MUCH higher.