WordPress versions 4.7.1 and earlier are affected by three security issues:

1. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.
2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.
3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table.

External Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Created wordpress tracking bugs for this issue:

Affects: fedora-all [bug 1417159]
Affects: epel-all [bug 1417160]
CVE assignment: http://seclists.org/oss-sec/2017/q1/217