The vulnerability has been found by Marc Alexandre Montpas from Sucuri, there is an Content Injection and Privilege Escalation vulnerability hits Wordpress versions 4.7 and 4.7.1 and allows all pages on unpatched sites to be modified, redirecting visitors to exploits and a myriad of attacks.
On the blogpost Marc said -
One of these endpoints allows access (via the API) to view, edit, delete and create posts. Within this particular endpoint, a subtle bug allows visitors to edit any post on the site.
The REST API is enabled by default on all sites using WordPress 4.7 or 4.7.1. If your website is on these versions of WordPress then it is currently vulnerable to this bug.
With no lose WordPress team had released the patch for the vulnerability and We also recommend our all users and other WordPress site admins to update your WordPress core version now. This is another easy but critical vulnerability that WordPress suffers.
There are about 2 million site running on WordPress CMS, hence this bug puts all of them at high risk.
Just last week only WordPress team have patched two critical Cross Site Scripting (XSS) and one SQLinjection vulnerability.
On our last security updates we have wrote about the basic Tips for the WordPress Security, do get to it which will surely help to make your site security much tighter.