A vulnerability in the WordPress REST API is being exploited by hackers to deface and remote execute scripts on sites running WordPress 4.7 adn 4.7.1. The issue has been fixed in version 4.7.2.
WordPress security double whammy! Open SSL Heartbleed vulnerability and exploits in the JetPack plugin. Read how to fix the problems & secure your website.