A vulnerable extension is one that has been found to contain (or contribute to) a security vulnerability.
Vulnerable extensions are not necessarily poorly-coded. As the Web evolves, technical requirements and commonly accepted coding practices change. Active projects release new versions of their extensions as requirements change. For this reason, it is important to: