Every single piece of software required to run your application needs to be kept up-to-date with the latest patches and security updates. Website vulnerabilities come in all shapes and sizes, so it is important to update your CMS along with any third party components like plugins, themes, and extensions.
Don’t neglect your server, apache and php. They also need to be up to date. By keeping everything updated, you reduce the prospects of having vulnerabilities endanger your website.