WordPress 4.9.2 is now available. WordPress 4.9.2 is a security and maintenance release for all versions since WordPress 3.7. It is strongly advised that you update your sites immediately.
The latest update fixes 22 bugs, including an XSS vulnerability in the Flash fallback files in MediaElement, which is a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.
MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.
At OutserveWeb, we recommend that you update your WordPress website regularly to minimise the risk of hacking. WordPress sites should not be updated without having a backup first. No website is 100% hack proof but securing your site will significantly reduce the risk and if the worst does happen backups of your site can be restored to ensure any down time is kept to a minimum.