It is a while since the Log4j issue made the tech news – but recent research has shown that many apps that rely on this module are still using a version vulnerable to attack.
Over 30% of Log4J apps use a vulnerable version of the library – BleepingComputer
Your takeaway from this
Remember that the cyber security of any custom software, web apps or even code on your WordPress or other website is your responsibility. It is up to you the check how the developers keep their (your) code up to date with the latest security patches.
Then you need to make sure they do it.
Clive Catton MSc (Cyber Security) – by-line and other articles