A zero day vulnerability exists in WordPress Core that in some instances, could allow an attacker to reset a user’s password and in turn, gain access to their account.
The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.
WordPress sites slow to update to the recent 4.7.2 security release run the risk of falling victim to a handful of defacement attacks spotted by Sucuri.