We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability.
These RCE attempts started today after a few days of attackers (mostly defacers) rushing to vandalize as many pages as they could. The RCE attempts we are seeing in the wild do not affect every WordPress sites, only the ones using plugins that allow for PHP execution from within posts and pages.
Continue reading RCE Attempts Against the Latest WordPress REST API Vulnerability at Sucuri Blog.