WordPress Version 4.7.2 was published on January 26 and contains three important security fixes.
The security issues were:
- The user interface for assigning taxonomy terms in Press-This was shown to users who did not have permission to use it.
- WP_Query was vulnerable to a SQL injection when passing unsafe data. The update prevents plugins from accidentally creating security issues that affect the WordPress core.
- A cross-site scripting (XSS) vulnerability was discovered in the posts list table.
An official list can be found here.
Remember to back up your site and install security-related updates quickly.