Automattic released WordPress 4.7.5. It's a security update for all previous releases and you should upgrade your pages directly.
WordPress version 4.7.4 and earlier are affected by six issues Security:
- Insufficient HTTP class redirect validation. It was mentioned by Ronni Skansing.
- Inappropriate handling of post-metadata from the XML-RPC API. It was reported by Sam Thomas.
- Lack of post-clearance control capacitydata in the XML-RPC API. Reported by Ben Bidner of the WordPress security team.
- Cross Site Vulnerability Request Forgery (CRSF) in the file system credentials dialog box. Reported by Yorick Koster.
- Cross-site scripting (XSS) vulnerability in attempt Missionof very large files. Reported by Ronni Skansing.
- Cross-site scripting (XSS) vulnerability in Customizer. It was mentioned by Weston Ruter of the WordPress Security Team.
In addition to the above security issues, WordPress 4.7.5 contains 3 maintenance fixes. For more information, see them release notes ή consult the list of changes.
Download the new one WordPress 4.7.5 or upgrade from the Toolbar → Updates by clicking the "Update Now" button.