WordPress 3.9.2 was made available last night which fixes a critical security vulnerability in previous versions of WordPress going back to 3.7.x.
This release fixes a possible denial of service issue in PHP’s XML processing and a number of slightly less severe security issues.
You are advised to update the WordPress core immediately to patch the vulnerability.
WordPress is pushing out automatic updates to sites running 3.8.4 and 3.7.2 along with all sites at 3.9.1 so be aware and turn off automatic updates if you are concerned this may effect customisations.
Please also ensure you run a full database and file backup prior to updating, better to be safe than sorry!