Different types of security issues can be experienced while using WordPress, like Cross Site Scripting (XSS), which is commonly referred to as XSS. Furthermore, there is another kind of danger that is thought to be more detrimental than a regular XSS assault – a Stored XSS. The National Vulnerability Database of the U.S. federal government has published warnings about multiple security flaws. CSRF is a type of attack that tricks an authenticated user into unknowingly executing unwanted actions on a web application. If the victim is just a regular user, a successful CSRF attack could force them to do tasks that change the state of the application, like moving money around, changing the user's email address, etc. These attacks have the potential to endanger the security of the entire web app. WordPress strongly suggested that all users update their websites without delay. In the official announcement, it was noted that this release includes a number of security patches. Owing to the fact that this is a security-based update, it is advisable to update your sites immediately. In addition, all versions of WordPress commencing from WordPress 3.7 also were updated.
(source: https://www.searchenginejournal.com/wordpress-vulnerabilities-6-0-3/473114/)