One of the first hacks I’ve experienced with WordPress, a content injection vulnerability hack, has been plugged with WordPress’ latest patch, version 4.7.2.
The hack (https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html) can be found far and wide accross the Internet if google searches are any indication. The two versions of the hack I observed merely added a political post and as far as I can tell, did little else.
WordPress was purposely silent about this problem unitl after the fix had been available for a period of time.
I have reviewed all of our WordPress sites and removed the offending posts.