Maybe this wordpress vulnerability? http://thehackernews.com/2017/02/wordpress-exploit-patch.html