On February 1, website security firm, Sucuri, disclosed a severe content injection vulnerability in WordPress. A fix for this was silently included in version 4.7.2 after they reported it to WordPress. You can learn more about this here: https://blog.sucuri.net/2017/
Over the past week, hundreds of thousands of WordPress websites have been defaced as a result of this vulnerability. There’s more information about how the vulnerability has spread on Sucuri’s blog and numerous news websites: https://blog.sucuri.net/2017/
If you believe that your website may be affected by this, please reach out to the team at Sucuri (live chat, email, or phone): https://sucuri.net/
If you’re currently running on a version lower than 4.7.2, please update your WordPress installation immediately.