Automattic released WordPress 4.7.5. It's a security update for all previous releases and you should upgrade your pages directly.
WordPress version 4.7.4 and earlier are affected by six issues Security:
- Insufficient HTTP class redirect validation. It was mentioned by Ronni Skansing.
- Inappropriate handling of post-metadata from the XML-RPC API. It was reported by Sam Thomas.
- Lack of post-data metadata capability in the XML-RPC API. It was reported by Ben Bidner of the WordPress Security Team.
- Cross Site Request Forgery (CRSF) vulnerability in the file system credentials dialog box. It was mentioned by Yorick Koster.
- Vulnerability cross-site scripting (XSS) when trying to send very large files. Reported by Ronni Skansing.
- Cross-site scripting (XSS) vulnerability in Customizer. It was mentioned by Weston Ruter of the WordPress Security Team.
In addition to the above security issues, WordPress 4.7.5 contains 3 maintenance fixes. For more information, see them release notes ή consult the list of changes.
Download the new one WordPress 4.7.5 or upgrade from Dashboard → Updates with click on the “Update Now” button.