WordPress 4.7.2 was released last Thursday, January 26th.
WordPress have just announced that In addition to the three security vulnerabilities mentioned in the original release post, WordPress 4.7 and 4.7.1 had one additional vulnerability for which disclosure was delayed.
The fourth security issue, which is rated severe, was not mentioned because it was so severe that the company deemed it more important to patch against it before it became known. The issue was an Unauthenticated Privilege Escalation Vulnerability in a REST API Endpoint.
Previous versions of WordPress, even with the REST API Plugin, were never vulnerable to this.
If you have not already updated, please do so immediately.