@cyberspace
Please, don't try to deflect the issue - and even worst, try to deflect that issue to the users.
The vulnerability, before being patched, was active and was capable of being exploited... In true, that doesn't mean that THIS particular issue in this topic WAS because of this, but is just too much coincidence.
Lets just remember that there WAS another critical security issue in CWP, that WAS exploited, with multiple servers hacked... and we still don't have ANY info from the dev team about what happend... not even "sorry".
Even if is currently patched, that doesn't mean that some servers didn't get exploited BEFORE the patch was issued...