Last week WordPress released the second security update for version 4.7. There were 3 security issues fixed:
- Interface for assigning taxonomy terms in Press This was shown to users who did not have permission
- An SQL injection vulnerability was patched in the WP_Query class to prevent poorly coded plugins and themes from falling victim (involving post types)
- Fixed a cross-site scripting (XSS) vulnerability in the post listing table (excerpts were not being escaped)
It is strongly encouraged that, if you are not using an automated update system, you manually update/upgrade your version of WordPress to this latest to prevent exploitation.