Before You Blame A Hack on a WordPress Plugin, There Should Be Evidence That a Hack Actually Happened
One of the things we do to make sure we are staying on top of security issues in WordPress plugins is keep track of any news stories mentioning them. That leads to us seeing a lot of really bad journalism, like this article at CSO Online, where it was claimed that the LA Times website was hacked without the evidence needed to back this up, much less that it was due to a vulnerability in a WordPress plugin.
When we first came across this we were fairly concerned since the article claimed an older vulnerability in the Advanced XML Reader plugin, which we didn’t have in our data set, was possibly used to exploit the website.