Link to post WordPress 4.7.2 Security Release

WordPress versions 4.7.1 and earlier are affected (…): The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. (…) WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added…