What we see over and over is that WordPress security providers and supposed journalists are focused on getting themselves attention while failing to provide useful information that would make WordPress websites more secure. A recent example involved (once again) Wordfence. As usual, they were using a vulnerability in a plugin to promote themselves:
If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as these vulnerabilities pose a significant risk. [Read more]