We generally avoid security journalism as it frequently involves widely misleading to flat-out falsehoods, one example of that being something we discussed just a couple of weeks ago. One of the security journalism outlets we mentioned in that post was the BleepingComputer, so when a Google news alert let us know of another story related to the security of WordPress plugins from them it wasn’t surprising that it might not be totally accurate. The title of the story is WordPress Design Flaw + WooCommerce Vulnerability Leads to Site Takeover, though there doesn’t appear to be a design flaw in WordPress or a site takeover that actually occurred.

The “design flaw” is first described as one with the “WordPress permission system” and then as: [Read more]