To keep your site secure it is considerable to keep your WordPress up to date. Usually vulnerabilities, found in any version of WordPress, are kept in public domain
All the data is kept in public domain that usually shows the vulnerability found in a new version of WordPress. This is one of the main reason to always update WordPress.
We are now provided with automatic update in WordPress, for this first backup your all files and database then go to Drashboard>>Updates and then click on Upgrade button.