Recently, there was an exploit in a popular Java framework by the Apache Foundation (not the Apache Framework). The exploit allowed remote code to be executed with full permissions due to Java’s ability to load offsite content and execute it. The good news is that the Log4J exploit affects Java and not Apache, PHP, or JS.
In short, WordPress is not vulnerable to the Log4J exploit but the servers it runs on may be. We suggest reaching out to your WebHost and asking them if their systems are vulnerable. While any responsible hosting would have been on top of this already, it never hurts to ask.
If you think that you have been hacked or exploited, reach out to us and we can have a look.