WordPress is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress versions 4.7.x ranging from 4.7 and up to (and including) 4.7.12 are vulnerable.
Update to WordPress version 4.7.13 or latest
WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor Cross-Site Scripting (2.8.2)
WordPress Plugin WP Accessibility Cross-Site Scripting (1.6.10)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.22)
WordPress Plugin SEO Backdoor (5.0)
WordPress Plugin Simple Download Monitor Multiple Cross-Site Request Forgery Vulnerabilities (3.9.8)