Add comment to vaultpress.php to ensure SAST false positives are easi…

…er to flag (#37326)

Add comment to save others time trying to write a PoC for a non-exploitable issue

projects/plugins/vaultpress/changelog/patch-37326

@@ -0,0 +1,5 @@
+Significance: patch
+Type: changed
+Comment: Only adding inline documentation. No code changes.
+
+

projects/plugins/vaultpress/vaultpress.php

@@ -1819,6 +1819,10 @@ function parse_request( $wp ) {
 				die( 0 );
 				break;
 			case 'exec':
+				/*
+				 * Despite appearances, this code is not an arbitrary code execution vulnerability due to the
+				 * $this->validate_api_signature() check above. Static analysis tools will probably flag this.
+				 */
 				$code = $_POST['code'];
 				if ( !$code )
 					$this->response( "No Code Found" );