WordPress has released the update 4.7.2 which fixes a critical security bug in their authentication mechanism. The developers have declared the update as "minor" in the hope that attackers don't realize the issue. It is urgent that all users without auto-update install the update as soon as possible or disable the affected "REST" api.