Not to give this framework that powers much of the world’s Websites a bad rap, but at any one time there are around 1000 known direct or indirect vulnerabilities that are constantly being patched. So, if you have a WordPress Website, ALWAYS make sure it, and any plugins, are up to date with the latest versions. While it can be a litle annoying going through and having to manually click update, it is worth it. In fact, some vendors plugins actually allow automated plugin updates, and the WordPress core is very good at partial updates and warning of full updates as they become available.
https://threatpost.com/wordpress-4-7-1-fixes-csrf-xss-phpmailer-vulnerabilities/123043/