At the end of January, WordPress 4.7.2 was released to fix four security issues, three of which were disclosed at the time of the release. The fourth and most critical issue, an unauthenticated privilege escalation vulnerability in a REST API endpoint, was fixed silently and disclosed a week after the release. This vulnerability allows anyone with the right know-how to edit the content of...