WordPress 4.0.1 is out, and you shouldn’t wait to install the update. This is an important security release that addresses serious issues. If you’ve got automatic updates on, you’re probably already rolling 4.0.1, but if you don’t, or if the automatic install failed for some reason, then now’s the time to update.
Older versions of WordPress are affected by the vulnerabilities as well, so make sure you update to 4.0.1 as soon as possible.