Security breaches to WP have been for the most part related to plugins. However, this week a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver.
April has been an intense month with updates launching weekly to patch vulnerabilites found on some of the most popular WP plugins. If is key to keep up with update to reduce risks of an attack. Also keep a solid daily backup and restore platform in place.
If you have any questions on how to patch this issue or other WP related security questions please contact us to review your site.