The developers of WordPress.org have just released the updated version WordPress 4.9.2 (Billy Tipton) to fix some security holes.
The change log begins by stating that all older versions of WordPress are affected by one vulnerability XSS in archives Flash fallback of MediaElement 4.x, a library included in the WordPress 4.9.
In addition to the above security issue, the new WorPress 4.9.2 contains other 21 bug fixes that you can see in official announcement.
Of course as with any other update regardless of vendor, it is recommended to upgrade immediately. You can perform a fresh installation with the packet, or upgrade automatically through the admin panel of the web application.
https://wordpress.org/download/