If you are not running WordPress 4.7.2, go to your website and update immediately before finishing this post.
WordPress version(s) effected: 4.7.0+
Patched in version: 4.7.2
About the Vulnerability
Any person or bot with the ability to visit public endpoints can add content to any post or page using only the REST API. The attacker does not have to be logged in to accomplish any content injection.
The vulnerability was discovered by Sucuri Team and reported to the WordPress team. A patch was pushed in the latest version of WordPress (4.7.2).
What should you do
You should update WordPress to version 4.7.2. If you have disabled your “Auto Updates” for WordPress, now is a good time to re-enable them. If you are not able to update your WordPress site, contact us and we can provide assistance.