On the 1st of February 2017 a security vulnerabitity that allows a visitor to modify the content of a WordPress page has been dicovered.
How it works ?
An unauthenticated user can get additional rights by exploiting a vulnerability in the REST API and doing so is able to modify the content of any page of the vulnerable WordPress site.
Am i concerned ?
The REST API has been added in WordPress 4.7.0
The API allows to see/edit/delete/create an article. Thanks to a bug a visitor can do those actions.
This API has been enabled by default since added, if you use version 4.7.0 or 4.7.1 you are concerned.
How i fix this ?
A patch has been released, you can update you WordPresss to version 4.7.2 to fix the issue.
It is highly recommended to enable automatic updates on your WordPress.
Sources : sucuri.net article