All versions earlier than, and including 6.97 contain a vulnerability which allows Cross-Site Scripting (XSS).
With over 2 million active installations, this vulnerability has the potential to be high impact, however, this is lessened by the nature of the vulnerability, which requires either an admin account or database compromise to already be in place. (e.g your site or hosting account would have had to be hacked via another method already for this to work)
The vulnerability can be tested by going to the backup history within your WordPress admin dashboard and double clicking the backup description. The edit box allows for un-sanitised input which allows malicious users to run queries on the database.
All users should upgrade to version 7.0 or above (released on July 17th 2019) immediately to avoid any potential compromise of their website.