If you are running WordPress 4.7 and have not yet updated to 4.7.2, please do so immediately. Additional details have now been released concerning a previously undocumented vulnerability that was patched in 4.7.2. This vulnerability could easily allow anyone to modify any post on your WordPress and the exploit potential goes well beyond that.
4.7.2 was released on January 26, 2017 so if you have automatic updates enabled this update will have already been applied. Please double check your WP admin panel to be sure.
You can read the full details here: https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/