WordPress on January eleven two thousand seventeen released a maintenance and security update 4.7.1. This is an update for all previous versions of WordPress. This update includes eight security fixes.
Security fixes in WordPress 4.7.1 include:
* Remote code execution in PHPMailer
* REST API exposed user data for users who had authored a public post type
* Cross site scripting on update-core.php
* Cross site request forgery bypass uploading Flash file
* Cross site scripting theme name fallback
* Email post checks mail.example.com
* Cross site request forgery in widget editing
* Weak multi site cryptographic security activation key
You can update your version of WordPress to 4.7.1 by clicking on your “Dashboard” if not already there. Then select “Updates”. Finally click on “Update Now”.
If your WordPress site was configured with automatic background updates, then you should already be updated to 4.7.1. Also, you can download update 4.7.1 directly from WordPress.org. Finally, check out this WordPress 4.7.1 update blog post for more details.