Are you still running your website or blog on WordPress version 4.7.0 or 4.7.1? Then your website or blog is under massive threat. This ArsTechnica update says that more than 2 million WordPress webpages and blog posts have been defaced using the vulnerabilities that exist in WordPress version 4.7.0 and 4.7.1. So if you’re still using these versions, upgrade to 4.7.2 as early as possible. In fact, right now.
Some web hosts upgrade WordPress to the latest version automatically but if you are hosting your WordPress installation on your own then you may have to upgrade it manually. When you log into your dashboard you will see a message that you need to upgrade your WordPress version to 4.7.2. Do it fast.
The vulnerability is in the REST API, that has been patched in WordPress version 4.7.2. 39,000 unique domains have been affected. Security firm Sucuri has reported that 4 hacking groups are active and defacing websites.
Using the vulnerability in the REST API, attackers can make simple HHTP requests that allow them to bypass the authentication system and then easily alter the title and the content of the WordPress pages.