WordPress have released a security update for versions 4.7.1 and earlier which fixes three security discovered security issues covering a SQL Injection vulnerability, an XSS vulnerability and unauthenticated privilege escalation in the REST API.
You are recommended to update your WordPress version immediately.
Remember to always take a full backup of your files and database before running updates!