WordPress 4.7.5 was released on May 16 and is an update which fixes six security issues of version 4.7.4 and earlier.
The fixed security issues are:
- Insufficient redirect validation in the HTTP class.
- Improper handling of post meta data values in the XML-RPC API.
- Lack of capability checks for post meta data in the XML-RPC API.
- A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog.
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.
The official list of all changes can be found here.
Remember to backup before installing updates and update soon.