Magento has recently released a security patch: SUPEE-6788. This patch resolves 10 security related issues that should be put into effect right away. We will be more than happy to apply the patch for you, if you require our assistance please do so via ticket.
If you have SSH access you can also patch your install by running the following, however before you do so please make sure to backup your site as this patch could possibly effect your sites functionality, you can read more about the changes here.
Make sure to run this in the root of the Magento install.
# wget https://s3.amazonaws.com/uploads.hipchat.com/31137/205915/px31F77iLrVIkDq/PATCH_SUPEE-6788_CE_22.214.171.124_v1-2015-10-26-11-38-41.sh ; chmod +x PATCH_SUPEE-6788_CE_126.96.36.199_v1-2015-10-26-11-38-41.sh ; ./PATCH_SUPEE-6788_CE_188.8.131.52_v1-2015-10-26-11-38-41.sh