WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen.
While the security part does not affect users of WP4.0, it is still important to keep updated. Many people will have their versions of WP auto-updated, but for those who turned it off because they don’t want anyone interfering with their right to run their site, time to update. For those who are running a version prior to 4.0, time to get updated, this security flaw is severe.