Wordpress REST API Vulnerability
Or: Why it's a very good idea to always keep your WordPress-site updated. A major vulnerability affecting the WordPress REST API, that was introduced with WordPress 4.7, has been spotted being exploited in the wild.
A major vulnerability affecting the WordPress REST API, that was introduced with WordPress 4.7, has been spotted being exploited in the wild, with a sharp increase in infected websites being seen over the last few days. The vulnerability was quietly fixed with the latest 4.7.2 update.
https://www.thewebmaster.com/hosting/2017/feb/7/major-wordpress-vulnerability-causing-mass-defacem/