For reasons we have never understood, various websites portraying them as security news outlets are treated a reliable news outlets, despite not really being news outlets. They are also included in Google News, despite a long history of publishing misleading to outright false claims related to WordPress security. One of those is the Bleeping Computer. In the latest incident related to WordPress, one of their writers, Bill Toulas, wrote a post a titled “Security plugin flaw in millions of WordPress sites gives admin access.” At the end of his post, he gave a more specific figure for the number of websites impacted, 3.5 million:
As of yesterday, the WordPress.org stats site, which monitors installs of the free version of the plugin, showed approximately 450,000 downloads, leaving 3,500,000 sites potentially exposed to the flaw. [Read more]