It’s already been better discussed elsewhere, but the latest security release of WordPress (v4.0.1) exposed a fatal flaw in how some developers improperly created their own shortcodes, eschewing the Shortcode API that has existed since v2.5, making it a nearly seven year old issue. The discussions on whether this update should have happened, what it…