WordPress released an update to patch an Object Injection Vulnerability rated by the National Vulnerability Database as critical.
A WordPress vulnerability rated as critical has been patched. Although the exploit is labeled as critical, one security researcher states that the likelihood of the vulnerability being exploited is remote.
The patch is applied to WordPress version 5.7.2. Sites opted into automatic download should be receiving this update without any additional action by publishers.