Original tweet (since deleted): https://imgur.com/a/OIB65Ro
I've always been of the understanding that "responsible" disclosure by definition means only disclosing to the vendor. Shouting on twitter that "plugin X has a security vulnerability!" before giving the vendor time to address it is hardly responsible.
Quite the opposite in fact.