Four security issues affect WordPress versions between 3.7 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issue (except where noted otherwise):
- an issue with stored XSS through post slugs
- an issue with Object injection in some multisite installations
- an SQL injection vulnerability in WP_Query.
- an SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).
WordPress.org already started automatic background updates that do not require you to do anything, but it may take some time for them to get to your website. If it does not update automatically, either do it yourself (and don’t forget to make a full backup first!) or contact Dusk Owl for help.