VLC 2.2.4 (current version here) has a serious bug that allows complete device takeover. This has been known by VLC for months, and a preliminary fix was included in v2.2.5.1 release back in January 2017. Why has the portable version here not been updated? If we users are to rely on the software offered here, it would be nice to be able to have confidence that security problems are addressed in a timely manner.
I expect the developers here to pay attention to SERIOUS bugs.
Reference the VLC site and Torrent Freak at https://torrentfreak.com/malicious-subtitles-threaten-kodi-vlc-and-popco...