This question has been answered by alejaaandro. See the first response.
* Experienced MODX developers can do an interim manual patch on 2.6.x and above by replacing the follow...
The patch helps to keep you safe, but there are also other vulnerabilities like the ones in 2.5.2 that you'd need to consider. Upgrading is the best way to make sure you have it all.[ed. note: adminadlec last edited this post 5 years, 9 months ago.]
MODX 2.6.5 has a 5.3.3 minimum requirement, however some extras require a higher version and may break if you update those. A lot of my extras will refuse to install on 5.3. At the very least update Gallery if you use it (should be fine on 5.3), but stay away from the more recent Formit until you've updated PHP. I don't know about other extras that break, but one of my clients had an issue with FormIt on 5.3 yesterday.