According to Threatpost, 1.5 million WordPress sites have been hacked due to a silently fixed content injection vulnerability. The fix was released on January 26th, but was not immediately announced so that attackers would not be aware of the vulnerability. WordFence researchers indicate this is “one of the worst WordPress related vulnerabilities to emerge in some time.” The IT Security Office recommends you update as soon as possible.
WordPress versions prior to 4.7.2
Update to WordPress 4.7.2 
WordPress 4.7.2 Maintenance and Security Release
Additional information about this vulnerability can be viewed at:
If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or firstname.lastname@example.org. IT Service Center Hours: http://www.colorado.edu/oit/support/it-service-center
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.