This is a security release for previous releases of WordPress. WordPress 4.7.2 is now available to download and update. I strongly recommend updating your WordPress website from older versions to WordPress 4.7.2.
WordPress 4.7.1 is affected by three issues, which are described below:
1) The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
2) WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
3) A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
WordPress version 4.7.2 addresses the three security issues above. For more information, see the release notes.
Below is the list of files that were revised to fix the above issues:
How to update WordPress
Log in to your website's admin panel, go to Dashboard => Updates, and click the Update Now button. Please make sure you have taken a backup of your website and database first.
How to update WordPress manually
Download the latest version of WordPress from WordPress.org and extract the zip file. Copy the new wp-admin and wp-includes folders in place of the old WordPress directories and sub-directories, and replace the old files in the root directory with the latest ones. Do not delete any files or folders from the wp-content folder.
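The manual procedure above as a shell script, added here as an example; it is not part of the original post or of WordPress's own tooling. The script name and the two path arguments are assumptions, and the database backup still has to be taken separately.

```shell
#!/bin/sh
# Added example: manual WordPress core update.
# Usage: sh wp-manual-update.sh /path/to/site /path/to/extracted/wordpress
# (script name and both paths are assumptions; adjust to your host).

# Print the core version recorded in wp-includes/version.php.
wp_version() {
    sed -n "s/^[$]wp_version = '\([^']*\)';.*/\1/p" "$1/wp-includes/version.php"
}

# Replace core files in SITE with those from NEW, leaving wp-content alone.
wp_manual_update() {
    site=$1
    new=$2
    # Refuse to run unless both trees look like WordPress.
    [ -f "$site/wp-includes/version.php" ] || { echo "not a WordPress site: $site" >&2; return 1; }
    [ -f "$new/wp-includes/version.php" ] || { echo "not a WordPress release: $new" >&2; return 1; }

    # File backup first, written beside the site directory rather than
    # inside it. The database needs its own dump (for example mysqldump).
    backup="${site%/}-backup-$(date +%Y%m%d%H%M%S).tar.gz"
    tar -czf "$backup" -C "$(dirname "$site")" "$(basename "$site")" || return 1

    # Remove the old core directories so no file from the previous
    # release is left behind, then copy the new ones in.
    for d in wp-admin wp-includes; do
        rm -rf "${site:?}/$d"
        cp -R "$new/$d" "$site/$d" || return 1
    done

    # Overwrite root-level files only. The release archive ships
    # wp-config-sample.php, not wp-config.php, so the site config is kept.
    for f in "$new"/*; do
        if [ -f "$f" ]; then cp "$f" "$site/" || return 1; fi
    done
    echo "backup: $backup; now running WordPress $(wp_version "$site")"
}

if [ "$#" -eq 2 ]; then wp_manual_update "$1" "$2"; fi
```

After the script finishes, the reported version should read 4.7.2; visit the admin panel once so WordPress can run any pending database upgrade.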