Plone's security team releases regular updates every four months. These updates almost exclusively contain fixes and security improvements found by the security team's audits.
There may be hotfixes applicable to your version of Plone. Always check the Plone Hotfix Page before production deployment.
Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. Yet we have never received a report of a serious vulnerability in Plone being exploited in the wild.
If you think you have found a security-related problem, please report it responsibly.
All about Plone's baked-in security
Descriptions of the individual hotfixes and the vulnerabilities they address.
The Plone Security Team will announce and pre-announce all hotfixes via this URL.