Last week I had a client contact me about a hacked website. On all of our WordPress websites that we don’t host with Pressidium (THE best WordPress hosting out there!) we use some pretty good hardening and security to make sure our sites don’t fall victim to hacks. So I was surprised to see an up-to-date site with good security get hacked. Turns out I wasn’t alone and hundreds of thousands of WordPress sites running 4.7.0 and 4.7.1 had been hacked, albeit not maliciously, due to a bug in those versions of WordPress.
The hackers, very kindly, only changed 2 blog posts on the site which were easy to roll back. WordPress was updated to the latest version which patches the bug.
More info can be found here… https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
So if you’re running 4.7.0 or 4.7.1 on any sites then update to the latest version ASAP.