Wordpress 4.7.5 was just released.
This is a security release for all previous versions and it is strongly encourage you to update your sites immediately.
WordPress versions 4.7.4 and earlier are affected by six security issues:
- Insufficient redirect validation in the HTTP class.
- Improper handling of post meta data values in the XML-RPC API.
- Lack of capability checks for post meta data in the XML-RPC API.
- A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog.
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.
You can update your Wordpress installation via the Wordpress admin panel. If you want to download the latest version of Wordpress you can visit wordpress.org