I have the backstory to your question. The technical support engineer you spoke with did not accurately reflect our policy.
Access to bugfixes does require either a current support contract or a product still under software warranty, but that is the only requirement. And even there we make allowance for security vulnerabilities by making at least the oldest codefix available on demand to anyone impacted.
What bugs are fixed and by when is a complex dance between us (support) , our product managers and our engineering team. So we would not be able to provide a target release for a fix until that dance was complete. For some bugs, especially cosmetic or low impact - the answer could be effectively never (and this is true for all technology product vendors).
New features being requested can be expedited,, but that's not through direct payment, but usually by sales commitments (i.e. "we'll buy 10,000 AP's if you do X by Y"). Again this is common practice in the industry.
I hope this clarifies our policies. Let me know if you have any other questions.