
> It also had a debug command that wasn't authenticated that let you print the contents of any motd file in a folder. Except it didn't escape strings properly, so you could `../...` to escape out of that directory and print any file.

That's hilarious and showcases how un-sandboxed those plugins are.
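
The bug the quoted comment describes is a path traversal: a caller-supplied name is joined onto a folder without checking where the result lands. The sketch below is an added example, not code from the plugin under discussion; the directory layout, file names and function names are assumptions, and Python is used only because the thread does not name the plugin's language. It puts the flawed join next to a lookup that resolves the path first and rejects anything outside the motd folder.

```python
import tempfile
from pathlib import Path


def unsafe_motd_path(motd_dir, name):
    """Flawed pattern: append the caller's string to the folder as-is."""
    return Path(motd_dir) / name


def safe_motd_path(motd_dir, name):
    """Return the requested file only if it really lives under motd_dir."""
    base = Path(motd_dir).resolve()
    # resolve() collapses ".." and follows symlinks, so the containment
    # check runs on the path that would actually be opened.
    target = (base / name).resolve()
    if base not in target.parents:
        raise PermissionError(f"{name!r} is outside the motd folder")
    if not target.is_file():
        raise FileNotFoundError(name)
    return target


def is_blocked(motd_dir, name):
    """True when the hardened lookup refuses the request."""
    try:
        safe_motd_path(motd_dir, name)
        return False
    except PermissionError:
        return True


def demo():
    """Constructed layout: <root>/motd/welcome.txt beside <root>/server.cfg."""
    with tempfile.TemporaryDirectory() as root:
        motd = Path(root, "motd")
        motd.mkdir()
        (motd / "welcome.txt").write_text("Welcome!")
        secret = Path(root, "server.cfg")
        secret.write_text("admin_password=constructed-sample")
        return {
            "unsafe_leaks": unsafe_motd_path(motd, "../server.cfg").read_text(),
            "safe_reads": safe_motd_path(motd, "welcome.txt").read_text(),
            "dotdot_blocked": is_blocked(motd, "../server.cfg"),
            "absolute_blocked": is_blocked(motd, str(secret)),
        }


if __name__ == "__main__":
    print(demo())
```

The containment check only closes the traversal; an unauthenticated debug command still needs an access check of its own.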


