Automattic just released the new WordPress 4.7.2, another update to the popular CMS. The new version comes with some security enhancements. According to the official announcement:
"Versions prior to WordPress 4.7.1 and 4.7.1 are affected by three security issues:
The Press This taxonomy terms user interface appears in users who have no rights to use it. Reported by David Herrera of Alley Interactive.
WP_Query is vulnerable to SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we have hardened it further to prevent issues from plugins. Reported by Mo Jangda (batmoo).
A vulnerability cross-site scripting (XSS) ανακαλύφθηκε στον πίνακα λίστα των μηνυμάτων. Αναφέρθηκε από τον Ian Dunn της ομάδας ασφάλειας του WordPress.”
Read above
https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Download the new version or upgrade directly from panels management.