WordPress versions 4.7.1 and earlier are affected by three security issues:
4. An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.
Reported by Marc-Alexandre Montpas of Sucuri Security. *
https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/