Security vulnerabilities are addressed in WordPress 4.7.2. An XSS and SQL injection vulnerability (wp_query()) were discovered and have been patched.

Update your sites.