WordPress REST API Vulnerability Abused in Defacement Campaigns

WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF network and honeypots closely to see how and when the attackers would try to exploit this issue the wild. In less than 48 hours after the vulnerability was disclosed, we saw multiple public exploits being shared and posted online. With that information easily available, the internet-wide probing and exploit attempts began.
Patches are Not Being Applied
WordPress has an auto-update feature enabled by default and an easy 1-click manual update process, but unfortunately, not everyone is aware of this issue or able to update their site. This is leading to a large number of sites being compromised and defaced.
We are currently tracking 4 different hacking (defacement) groups doing mass scans and exploits attempts across the internet. We see the same IP addresses and defacers hitting almost every one of our honeypots and network.
If google is correct, these defacers seem to be succeeding.
Campaign #1
Just for one defacer, which we call Campaign #1, Google alone shows 66,000+ pages compromised:
They started the exploits less than 48 hours ago. We
Source: https://managewp.org/articles/14342/wordpress-rest-api-vulnerability-abused-in-defacement-campaigns

source https://williechiu40.wordpress.com/2017/02/07/wordpress-rest-api-vulnerability-abused-in-defacement-campaigns/