WordPress CMS version 4.7.1 has just been released with 8 updates security and fixes for 61 bugs of the previous version.
Below are the security snapshots fixed in the new WordPress update:
Remote execution code (RCE) in PHPMailer
The REST API exposed data for all users who had written a post. WrrdPress 4.7.1 limits it to types of posts that we define that should appear.
Cross-site scripting (XSS) μέσω του ονόματος Plugin or the update-core.php version header.
Cross-site request forgery (CSRF) bypass through a Flash file.
Cross-site scripting (XSS) via theme name fallback.
Check for whether the default mail.example.com setting has been changed in the option that allows posts by email.
A cross-site request forgery (CSRF) discovered in widget editing.
Small encryption security on multisite activation key.
You can read the bug fixes from the link below.
https://codex.wordpress.org/Version_4.7.1