Ironically, on the same day I received the recent MODX security alert (the first one in a long time) about the 2.6.x versions , I got this message from the host of a WordPress site I built for a friend (I've removed the domain information and details). I updated the site not that long ago. I get these all the time:

It appears patches are available for application(s) installed in the following path(s):

Privilege escalation vulnerability in WordPress

XSS vulnerability in WordPress

XSS vulnerability in WordPress

Privilege escalation vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Code injection vulnerability in WordPress

Code injection vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

XSS vulnerability in WordPress

XSS vulnerability in WordPress

If you are working with a development partner, please forward this email on to them as they will be able to take care of the update for you. Otherwise, we will automatically apply the above patches within seven days.

It appears patches are available for application(s) installed in the following path(s):

Privilege escalation vulnerability in WordPress

XSS vulnerability in WordPress

XSS vulnerability in WordPress

Privilege escalation vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Code injection vulnerability in WordPress

Code injection vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

Incorrect permissions vulnerability in WordPress

XSS vulnerability in WordPress

XSS vulnerability in WordPress

If you are working with a development partner, please forward this email on to them as they will be able to take care of the update for you. Otherwise, we will automatically apply the above patches within seven days.