WordPress REST API Vulnerability is Being Actively Exploited, Hundreds of Thousands of Sites Defaced.
A major vulnerability affecting the WordPress 4.7. The vulnerability was quietly fixed with the latest 4.7.2 update. The nasty bug resides in WordPress REST API that would lead to the creation of two new vulnerabilities: Remote privilege escalation and Content injection bugs.
All customers websites are updated and secure.