The release of WordPress 4.7.2 fixed 3 issues which were made known a fourth critical issue with the WordPress REST API which could result in an unauthorized privilege escalation (in normal-people terms: “somebody could post to your site who did not have permission to do so”).
The guys at WP Tavern have an in-depth article on the vulnerability.
As WP Tavern noted, “The attacks are primarily simple defacements so far.”
We have scanned the sites of our clients who have been exploited by this hack and have found no infections within files or the database.
As always, keep your WordPress sites up to date! Or just ask us to do it for you. 😉