The vulnerability was discovered by the Wordfence team on April 30 in PageLayer WordPress plugin which allowed any authenticated user with subscriber-level and above permissions the ability to update and modify posts with malicious content, amongst many other things. The plugin is installed on more than 200,000 websites.
You can read a very detailed report by the Wordfence team on their blog.
What Should You Do
If you are under WordPress Managed Maintenance plan - we already have the latest version installed for you.
If you're not under our maintenance plan... well, what are you waiting for? Sign-up today!