This isn't a smartphone. It is a server that other people (that you specifically get to target) have to use.
It is your responsibility to verify your supply chain. If you can't do that, maybe you shouldn't operate a website that collects user information.
At least before cloud you would have to set up bare metal services, which gave people an idea of what they were actually assembling. The fancy control panels and one-click installs have created a group of overly entitled administrators who can't admin and won't take any responsibility for running shit, misconfigured, off-the-shelf services from companies they didn't even vet.
You are missing the point. This is a freemium plugin listed in the WordPress plugin directory. They (WordPress) are being negligent by exposing users to that kind of code without any warning, enabling users to install this directly from their WP Admin area.
One should expect at least a red flag, but as always they just care about numbers.
I completely get the point. We are looking at both sides of the same coin. Read my comment again. We are both describing the same problem from different angles.
You claim that WordPress has a responsibility to vet the submissions on their plugin repo in the same way that Apple vets apps on the app store.
I think this level of abstraction has made web operators lazy. I think WordPress.org has a responsibility to host everybody's code and that it is your responsibility as a website operator to vet that code before you let your server run it. Just because you pay for Github or financially contribute to an app on Github doesn't shield you from bad code that another Github user has submitted.
Never mind that WordPress and all of the plugins they host are GPLv2, which means... (verbatim) "BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW."