Over the years, we have been made aware of various reports of security vulnerabilities in our extensions. Be careful. Sites discussing such things may not have the best of intentions. The only place you should look for information about vulnerable extensions is the official Joomla Vulnerable Extensions List.
Sometimes, security scanning systems do report issues in our extensions. While it's very unlikely that such reports would uncover a serious vulnerability, we do need to investigate them and take action to prevent our extensions being reported. If you encounter such a report, please get in touch, with as much detail as possible. We will attend to the matter promptly.
We are very experienced developers and we know what we are doing. We can't guarantee that we will never make a mistake, but we do take security seriously and will investigate any reported problems immediately.