This update resolves 6 serious issues, which include:
- 3x cross-site scripting (XSS) issues
- 1x SQL injection issue that an attacker could use to compromise your website
- 1x potential timing side-channel attack
- 1x blog post locking issue
Due to the severity of these issues, WordPress is advising its users to update immediately.
WordPress users can update their CMS manually. Alternatively, since version 3.7 of WordPress, an automatic updater (thanks to Sophos for this useful piece of information) will install the above-mentioned update in the background. Full details of this update and how to install it are available in this WordPress blog post. WordPress.com hosted blogs, such as the one you are reading now, automatically receive such security updates.
The next version of WordPress, namely 4.3, is anticipated to arrive on the 18th of August. While this is not a security update, it does contain important changes. To ensure the stability and security of your WordPress installation, it is prudent to have streamlined processes in place for applying multiple updates to WordPress each month when necessary.