A comprehensive set of updates has been made, and the latest versions of Wordpress and all associated Plug Ins, some of which contained security fixes were all applied no later than last weekend.
As you may be aware, the Shop and the Forum are completely separate in registration terms, and the notification we got advising of as possible breach was for one admin user on the Shop side. We felt it important to advise everyone registered just on the forum as well, and to point out that if - as many people still do - you use the same password on more than one site, to change it everywhere you use it.