Blog | G5 Cyber Security

WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities

WordPress developers are pushing a new update to the content management system. The update fixes eight security issues, including a handful of cross-site scripting (XSS) and CSRF bugs. One of the XSS vulnerabilities could be triggered via the plugin name or version header on update-core.php; another could be exploited via theme name fallback. Another issue, in the WordPress REST API, could have exposed user data for any users who authored a post of a public post type. The update also includes an updated version of the email-sending library PHPMailer.

Source: https://threatpost.com/wordpress-4-7-1-fixes-csrf-xss-phpmailer-vulnerabilities/123043/
