What is the WordPress Security Update?
WordPress is open-source content management software that is used to manage and publish Web sites. WordPress has announced a critical security update for all previous versions and strongly encourages all WordPress users to update their sites immediately.
This release addresses critical cross-site scripting and SQL injection vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected Web site. Versions of WordPress 4.7.1 and prior are vulnerable.
What is Pitt doing?
Computing Services and Systems Development will be working with WordPress system administrators to apply the appropriate patch.
What should I do?
If you administer a Web server that is using a vulnerable version of WordPress, you should upgrade to WordPress 4.7.2 immediately after ensuring your site data is backed up. Please refer to the reference links below for details.
If you manage a WordPress server in your department and would like assistance determining if it is susceptible, or would like assistance in identifying indications that a compromise has occurred, please contact the Technology Help Desk at 412-624-HELP  or submit a request online.
WordPress Security Release - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/