The 4.7.1 version of WordPress CMS has been released with 8 security updates and fixes for 61 bugs of the previous version.
Below are the security snapshots fixed in the new WordPress update:
Remote Code Execution (RCE) in PHPMailer
The REST API exposed data for all users who had written a post. WrrdPress 4.7.1 limits it to types of posts that we define that should appear.
Cross-site scripting (XSS) through the plugin name or version header of update-core.php.
Cross-site request forgery (CSRF) bypass through a archiveu Flash.
Cross-site scripting (XSS) via theme name fallback.
Checking if the default mail.example.com setting has been changed to the allow option publications by email.
A cross-site request forgery (CSRF) discovered in widget editing.
Small better safety encryption in the multisite activation key.
You can read the bug fixes from the link below.
https://codex.wordpress.org/Version_4.7.1