This article originally appeared on

Update to WordPress 4.7.2 Immediately

If you have not already updated your WordPress websites to WordPress 4.7.2, you need to do so immediately.

While three security vulnerabilities were disclosed in the original WordPress 4.7.2 security release post last week, a disclosure of additional security fix in WordPress 4.7.2 was announced yesterday.

In this security disclosure, an Unauthenticated  Privilege Escalation Vulnerability in a REST API Endpoint vulnerability was disclosed to exist in WordPress 4.7 and 4.7.1. This vulnerability allows attackers to bypass standard WordPress security measures in order to change content. Because of the significance of this vulnerability, we strongly recommend you update your WordPress websites to WordPress 4.7.2 as quickly as possible.

Note: We tested and found that websites using our iThemes Security plugin with the WordPress Tweaks > REST API feature set to “Restricted Access” (as recommended) are protected against the vulnerability, but it is still important to update as there are other vulnerabilities that were fixed in the WordPress 4.7.2 update.

Updating to WordPress 4.7.2

While WordPress 4.7.2 was released as an autoupdate, confirm your sites have been updated successfully. You’ll find the WordPress 4.7.2 update available from your WordPress dashboard. Visit the Updates page by clicking the icon in the top navigation bar. As always, it’s a good idea to run a WordPress backup before updating.

At Buzzword we use premium backup and security software.  We have maintenance packages that can run as a once off or monthly to ensure that your site is kept up to date at all times.

As the article above states, this update (in most cases)was automatic, but if you haven’t checked or don’t know how to check, then hit us up.  it’s what we do!