If you have not already updated your WordPress websites to WordPress 4.7.2, you need to do so immediately.
While three security vulnerabilities were disclosed in the original WordPress 4.7.2 security release post last week, a disclosure of additional security fix in WordPress 4.7.2 was announced yesterday.
In this security disclosure, an Unauthenticated Privilege Escalation Vulnerability in a REST API Endpoint vulnerability was disclosed to exist in WordPress 4.7 and 4.7.1. This vulnerability allows attackers to bypass standard WordPress security measures in order to change content. Because of the significance of this vulnerability, we strongly recommend you update your WordPress websites to WordPress 4.7.2 as quickly as possible.
Updating to WordPress 4.7.2
While WordPress 4.7.2 was released as an autoupdate, confirm your sites have been updated successfully. You’ll find the WordPress 4.7.2 update available from your WordPress dashboard. Visit the Updates page by clicking the icon in the top navigation bar. As always, it’s a good idea to run a WordPress backup before updating.