WordPress 4.7.1, the REST API Vulnerability explained


Update your website now! Yes, this is the first and last thing I have to tell you, stay updated, above all if you’re using WordPress 4.7 or 4.7.1. Older versions are not affected, even if they are using the old “REST API” plugin.
This post could have been just a tweet, but I wanted to give you more information.
About WordPress
On January 26th, WordPress 4.7.2 was released as a security update. The release notes mentioned only 3 vulnerability fixes, but a week later the security team disclosed a fourth vulnerability, much more critical than the other 3, which had also been patched in 4.7.2.
Why not disclose all 4 flaws at the same time? Aaron Campbell said: “We believe transparency is in the public’s best interest […] It is our stance that security issues should always be disclosed. In this case, we intentionally delayed disclosing this issue by one week to ensure the safety of millions of additional WordPress sites.”
And he’s right; I agree with that. The usual “the sooner the better” does not apply here.
About The Vulnerability
It’s located in the REST API core. It leads to 2 new vulnerabilities: Remote
Source: https://managewp.org/articles/14370/wordpress-4-7-1-the-rest-api-vulnerability-explained

Source: https://williechiu40.wordpress.com/2017/02/10/wordpress-4-7-1-the-rest-api-vulnerability-explained/