WordPress 4.7.2 shipped today with security updates. All three updates require existing administrative access, so don’t seem to have a super high risk profile compared to publicly exposed areas. You should’ve already gotten automatic update notices for your websites — a thing that still delights me.
