A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them.
I mean... You have to explicitly hit "open", and it requires you to do so? This is like saying email has a vulnerability because it lets* me open files sent there?
Starts getting into demarcation land at that point, because the OS defines what files are opened in which program. Just saving makes sense as a compromise though!