This year, in June, there have been already 4 Security Releases for WordPress. To compare, there have been 5 Security Releases for the whole year of 2016!
Here the link to the security log of WordPress:
https://wordpress.org/news/category/security/
You should always update WordPress and all your plugins. When a new version of WordPress or of a plugin is available, you will receive an update message in your WordPress Admin Screens.
For more information:
https://codex.wordpress.org/Updating_WordPress
Did you know that, according to WPBeginner, 83% of hacked WordPress sites hadn’t been updated? According to page.ly’s stats, WordPress sites are frequently hacked due to “outdated versions of: PHP, WordPress, themes, or plugins”. WebDesign.com says, “by not updating, you are leaving your sites buggy and open to being hacked.” Finally, WordPress founder Matt Mullenweg begs users to update WordPress in How to Keep WordPress Secure. (Source: Optimwize)
Last but not least: Be sure to do a backup of your website before doing an update! (files & database)