It is advised that one applies the required patches and update the plugins/themes when a website runs on a CMS, such as WordPress, Drupal or Joomla. WordPress has been recently hit by a series of exploits and the latest recommended version is 4.2.2.
Today I saw that riverhouse.mu, which is the website of a small cozy hotel in Black River, Mauritius, got compromised. It is running WordPress v3.9.6.
CERT-MU was notified on 27 May 2015.