Fixing this should be Scratch's top priority, and it should have been when they were told about it 2 years ago. UPDATE: users are already getting hacked, and unless I'm missing something, Scratch could have prevented every hacked user from being hacked if they tackled this when they were told. Even worse, there has been no official warning about ANY of this. It should not be our responsibility to warn people about this; Scratch needs to put an official warning about this on the front page ASAP. Every infected user is on THEIR hands. Some people are saying it's fixed, but I've been unable to find an original source, as the only official thing we've gotten is buried comments on one ST member's profile, so I cannot be sure (this is why we need ACTUAL OFFICIAL EASY TO FIND COMMUNICATION, ST).
https://muffin.ink/blog/scratch-vulnerability-disclosure/