WordPress had new version in 4.0.1, with major security fixes to version 4.0. The latest updates include 23 bug fixes and tow hardening changes that includes better validation of EXIF Data extracted from uploaded photos.
Major issues addressed in new WordPress 4.0.1 Security Updates includes:
- Cross-site scripting Issues
- Denial of Services when password are checked
- Protections for server-side request forgery made by HTTP requests.
- Hash Collision issue that could lead to compromise of user’s account
Details about the new release can be found here.
It’s strongly advised to update to the latest version. Take some precautions such as backing up your entire site before updating.