"I announced an unfixed security vulnerability in Build Pipeline Plugin today, after a year or so without a response by the maintainer. I tried contacting them via email too.
Sure, this may be one of the less notable security issues, but IMO it's still a problem for a plugin present in the setup wizard – especially given that there's no warning support here. Right now, users might "Select All" and be greeted with a security warning afterwards. Not good. (I cannot enable/disable them based on core version, only plugin version.)