WordPress.org developers have just released the WordPress 4.9.2 update (Billy Tipton) to fix some security gaps.
The change log starts by saying that all older versions of WordPress are affected by a vulnerability XSS in the Flash fallback files of MediaElement 4.x, a bookcase which is included in WordPress 4.9.
In addition to the above security issue, the new WorPress 4.9.2 contains other 21 bug fixes that you can see in official announcement.
Of course as with any other information regardless of supplier, direct is recommended upgrade. You can make a new one installation with the package, or upgrade automatically through the admin panel of the web application.
https://wordpress.org/download/