WordPress silently fixed a serious content injection vulnerability when it pushed out its latest security release, 4.7.2, last week
Source: Threadpost