WordPress CMS version 4.7.1 has just been released with 8 updates security and fixes for 61 bugs of the previous version.
Below are the security snapshots fixed in the new WordPress update:
Remote Code Execution (RCE) in PHPMailer
The REST API exposed data for all users who had written a post. WrrdPress 4.7.1 limits it to types of posts that we define that should appear.
Cross-site scripting (XSS) through the name Plugin ή header version of update-core.php.
Cross-site request forgery (CSRF) bypass via a Flash file.
Cross-site scripting (XSS) via theme name fallback.
Checking if the default mail.example.com setting has been changed to the allow option publications by email.
A cross-site request forgery (CSRF) discovered in widget editing.
Small encryption security on multisite activation key.
You can read the bug fixes from the link below.
https://codex.wordpress.org/Version_4.7.1