In the last two weeks, over 50,000 WordPress websites have been hacked due to a major security vulnerability that was discovered in the WordPress REST API.
The core team silently fixed the issue and pushed out WordPress 4.7.2 update.
If you haven’t updated your WordPress site, then please do so immediately.
With this vulnerability, anyone on the internet can deface your website without having the login access. YES, it’s that serious!
So go ahead and update your sites to WordPress 4.7.2.