WordPress 4.7.5 Security Release is now available. This is an update for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.7.4 and earlier are affected by six security issues:
Insufficient redirect validation in the HTTP class.
Improper handling of post meta data values in the XML-RPC API.
Lack of capability checks for post meta data in the XML-RPC API.
A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog.
A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.
In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series.
Download WordPress 4.7.5 or just enter your Dashboard and go to “Updates”, then simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.5.