Security vulnerabilities have been identified within libinput's Lua-based plug-in system. This system, designed to allow modification of input device behavior and events, was initially introduced with libinput version 1.30 last year. The recent discovery of these issues prompts concerns regarding the security of implementations utilizing this plug-in functionality. The libinput project is now addressing the identified security implications.