WordPress has fixed several critical flaws in its content management system, addressing cross-site scripting and sql injection bugs, along with a severe privilege escalation / content injection vulnerability. 
The content injection vulnerability could allow an attacker to modify the content of any WordPress post or page. This is a serious vulnerability that can be misused in different ways to compromise a vulnerable site, including the installation of malicious content or the defacement of web pages. Depending on the plugins enabled on the site, PHP code could be executed by the attacker. 
Successful exploitation of cross-site scripting and sql injection attacks could allow an attacker to inject malicious code into a website.
- WordPress versions 4.7.1 and all previous versions.
- Upgrade to WordPress version 4.7.2 immediately.