Developers of the widely used WordPress content management system released an update last week, but intentionally delayed announcing that the patch addressed a severe vulnerability. WordPress version 4.7.2 was released on January 26 as a security update, but the accompanying release notes only mentioned fixes for three moderate risk vulnerabilities, one of which did not even affect the platform’s core code.