WordPress 4.7.2 was released on January 26th, 2017. It fixes an unauthenticated privilege escalation vulnerability in a REST API endpoint. WordPress officially advises users to update their sites immediately.
Sucuri, which reported the issue, said that modifying WordPress website content produces a modified data packet. An attacker can modify the URL to bypass account verification and directly view the contents of the website through the REST API. In addition, the vulnerability even allows an unauthenticated user to modify the content of any post or page within a WordPress site.
Sucuri provided technical details of the vulnerability and wrote this conclusion on its blog:
This is a serious vulnerability that can be misused in different ways to compromise a vulnerable site. Update now!