WordPress Bug ‘Patch’ Installs Backdoor for Full Site Takeover

A faux security alert purports to provide a fix for an RCE flaw, but instead creates a user with admin privileges and spreads a backdoor to infected sites.