Wow they seriously posted that? I’m really surprised they did because that information is wrong.
TLDR: Pods is safe and was never in danger of being fully impacted by the WordPress.org plugin hacks that were attempted in mass a few weeks ago.
Pods was impacted by an attempt to release an infected version but that was thwarted by our extra security precautions around our plugin release process.
They took over one of our WordPress.org committer accounts but were unable to compete the release.
Wordfence explains the situation here on their blog: https://www.wordfence.com/blog/2024/06/3-more-plugins-infected-in-wordpress-org-supply-chain-attack-due-to-compromised-developer-passwords/
The impacted code was removed from SVN and prior to that was never even released as downloadable ZIPs to any WordPress site through manual installs or automatic updates.
I’ll have to contact Patchstack. Now we’ll have to skip the Pods 3.2.3 version number to prevent more confusion but that’s easy enough.