skipBytecodeCheck
causes the Groovy version to be reported as not supporting the goal (thanks for reporting this @jgenoctr!).None.
The CVEs fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.