WordPress CMS version 4.7.1 has just been released with 8 security updates and fixes for 61 bugs of the previous version.
Below are the security snapshots fixed in the new WordPress update:
Remote Code Execution (RCE) in PHPMailer
The REST API exposed data for all users who had written a post. WrrdPress 4.7.1 limits it to types of posts that we define that should appear.
Cross-site scripting (XSS) via the plugin name or version header of update-core.php.
Cross-site request forgery (CSRF) bypass through a archiveu Flash.
Cross-site scripting (XSS) via theme name fallback.
Check for whether the default mail.example.com setting has been changed in the option that allows posts by email.
A Cross-site request forgery (CSRF) discovered in operation widget editing.
Small encryption security on multisite activation key.
You can read the bug fixes from the link below.
https://codex.wordpress.org/Version_4.7.1