I’ve linked to an older post (2014) but you should always update WordPress as soon as possible. The ironic thing about using popular software is that it is vulnerable to attack, more than the less popular software. So, you choose WordPress for features, community support and reliability… and those are the same reasons the spammers, hackers and so on choose it too.
When you choose to run Windows, WordPress or other popular software know there are more security risks. Be aware, keep up with updates and if you’re upset about this and would rather not deal with vulnerabilities quite so much… choose something else with less community support/ interest. Basically, pick which drawback you can live with.
If your website runs on a self-hosted WordPress installation or on Drupal, update your software now.
Nir Goldshlager, a security researcher from Salesforce.com’s product security team, has discovered an XML vulnerability that impacts the popular website platforms WordPress and Drupal.