Wordpress released patches for vulnerabilities affecting versions 4.7 and 4.7.1. The critical bug allowed attacker to execute two vulnerabilities: Remote privilege escalation and Content injection bugs. That allowed unauthenticated attacker to modify all pages on unpatched sites and redirect visitors to malicious exploits. Fix is available in version 4.7.2.