0-day vulnerability on WordPress 3.x (remote command execution)

Lying about a highly dangerous 0-day in a very widely distributed piece of software seems in bad taste, even for April Fools Day.

OK, if that was April Fool's, it's in very, very bad taste. People like me who aren't hackers or technically savvy will take it seriously. I tweeted it around. At the end they could have at least said April Fools, FFS!

There's April Fool's jokes, and there's "seriously nasty month-ruining unpatched exploit in the wild". This is not a good example of the former.