There is always a period where you have to wait before you can update your live site. But what happens during that time, when you are exposed to a vulnerability that has already been discovered and released?
One of your options is to hide the WordPress version number. This is not an actual solution, but it helps, as your site won't come up in a Google search for the WordPress version number.
Here's how you can do this:
Add the following function to your functions.php:
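// Return an empty string instead of the generator tag that carries the WordPress version.
function wp_hack_remove_version() {
    return '';
}
// Apply it wherever WordPress outputs the generator (page head and feeds).
add_filter('the_generator', 'wp_hack_remove_version');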
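The filter above only removes the generator tag; scripts and styles that WordPress enqueues without their own version still carry the core version as a ?ver= query string. The following is an added example, not code from the original post, that masks that value as well; the function name wp_hack_mask_asset_version is hypothetical, while the filters and core functions it calls are WordPress's own.

```php
<?php
// Added example for the theme's functions.php (omit the opening <?php tag
// when pasting into a file that already has one).

// Hypothetical helper: replaces ?ver=<core version> on enqueued asset URLs
// with an opaque token that does not reveal the version.
function wp_hack_mask_asset_version( $src ) {
    // Nothing to do for empty sources or URLs without a version argument.
    if ( ! is_string( $src ) || strpos( $src, 'ver=' ) === false ) {
        return $src;
    }

    $query = wp_parse_url( $src, PHP_URL_QUERY );
    if ( ! $query ) {
        return $src;
    }
    parse_str( $query, $args );

    // Only touch assets stamped with the core version. Plugin and theme
    // assets that declare their own version are left unchanged.
    $core_version = get_bloginfo( 'version' );
    if ( ! isset( $args['ver'] ) || $args['ver'] !== $core_version ) {
        return $src;
    }

    // A keyed hash of the version still changes after every core update,
    // so browser caches are refreshed, but it cannot be mapped back to a
    // version number without the site's secret salt.
    $token = substr( hash_hmac( 'sha256', $core_version, wp_salt() ), 0, 10 );

    return add_query_arg( 'ver', $token, remove_query_arg( 'ver', $src ) );
}

// Run late so the URL is rewritten after other callbacks have modified it.
add_filter( 'style_loader_src', 'wp_hack_mask_asset_version', 9999 );
add_filter( 'script_loader_src', 'wp_hack_mask_asset_version', 9999 );
```

As with the generator filter, this only reduces what the site advertises; the update itself is still what closes the vulnerability.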