Admins of WordPress websites should update the CMS for security reasons. Otherwise, attackers could attack sites.
As a warning message shows, attackers do not seem to be targeting the loopholes yet. The information on the vulnerabilities is extremely sparse. In the article there are no CVE numbers and no classification of the degree of threat.
Attackers could probably perpetuate themselves persistently with an XSS attack on a WordPress website. Malicious code is usually stored on a server and delivered when you visit the site. In two other cases it sounds like attackers could execute their own SQL commands.
Patch now!
The developers state that the versions between 3.7 and 5.8 are threatened. They affirm that they fill in the loopholes in the Edition 5.8.3 have closed. Admins can initiate updates in the dashboard.
(of)