If you have not yet updated your WordPress websites to WordPress 4.7.2, you need to do so as soon as possible.
While three security vulnerabilities were disclosed in the initial WordPress 4.7.2 security release post recently, a disclosure of an additional security fix in WordPress 4.7.2 was released yesterday.
In this security disclosure, an Unauthenticated Privilege Escalation Vulnerability in a REST API Endpoint vulnerability was revealed to exist in WordPress 4.7 and 4.7.1. This vulnerability permits attackers to bypass traditional WordPress security measures in order to alter web content. Due to the significance of this vulnerability, I fervently suggest you update your WordPress websites to WordPress 4.7.2 immediately.
Although WordPress 4.7.2 was released as an autoupdate, check your sites have been updated safely and effectively. You’ll find the WordPress 4.7.2 update offered in your WordPress dashboard. Visit the Updates page by clicking the icon in the top navigation bar. As always, it’s a smart idea to run a WordPress backup prior to updating.
