WordPress is well known for security vulnerabilities which have been exploited by hackers: sometimes allowing the hackers to exploit the web server and mySQL. WordPress is an excellent content management system (CMS), and is easiest, most powerful, and most widely used CMS in existence. For that reason of its immense popularity and usage, it is targeted by hackers who look for vulernabilities in each update release. Similar in reason why exploits in the Windows operating system are more common than in the Mac OS because PC sales far exceed Mac sales.
So, it is of critical importance that, if you use WordPress, you keep your WordPress installation up-to-date. When you login to your WordPress control panel (wp-admin), WordPress will show a message if WordPress or any plugins or templates are out-of-date. If the case, upgrade ASAP. Immediately without hesitation. It is very quick and easy to upgrade WordPress, plugins, and templates. It can all be done within the WordPress admin environment. Do it before a hacker hacks your WordPress. Hackers are constantly searching the web for WordPress websites. We do not use WordPress, but we see hackers probing our server (by looking for existence of WordPress files) constantly every day, and every hour. So, again I cannot overstate this. Keep your WordPress installation up-to-date, and check daily: or install the WP Updates Notifier
WordPress plugin, which will email you when updates are released.