It’s very common for developers to customize and extend existing plugins to fit their own needs — which is one of the great advantages of using open-source software — but they often do it by making their changes directly to the plugin, which creates a security vulnerability and becomes a maintenance hassle.