WordPress has fixed a vulnerability that allows an unauthenticated user to modify the contents of any post or page within a WordPress site. This vulnerability can be exploited via REST API, which is enabled by default in WordPress 4.7.0 and above.
A fix for this was silently included on version
4.7.2 along with other less severe issues including a cross-site scripting and a SQL injection vulnerability, with the latest version of the CMS.
The update, 4.7.2, was pushed only two weeks after developers released the previous version.
Read more on the latest security release:
WordPress 4.7.2 Security Release
