As part of the whole situation with Matt Mullenweg and WP Engine, there has been a reoccurring issue. His odd and sometimes possibly illegal interactions with the CEO of WP Engine, Heather Brunner. There was the incident documented in WP Engine’s lawsuit where he sent her a text offering her a job and threatening to tell the press about claimed interactions they had previously had if she didn’t accept the job. In a follow up legal filing, there was this odd statement, ‘Recently, Automattic began sending purported security alerts about WPE’s “ACF” plugin to WPE’s CEO, in another act of harassment.’ Why would Automattic send the CEO of a company security alerts? That is not something we have ever heard of happening and it isn’t something we have ever done in reporting security issues over the years, including to Automattic. In a related declaration from WP Engine’s CEO, she says the same:
One of those attacks occurred on October 4, 2024, when Automattic sent WPE a security alert about ACF, a plugin that WPE develops and contributes for use by the open source community. A true and correct copy of this email is attached as Exhibit H. Both Mr. Mullenweg and myself were cc’d on the email, which is without precedent. As the CEO, I never get copied on such routine security patch emails for minor security issues. [Read more]