Code execution: How to correct WordPress vulnerabilities or preventive measures?

I have a WordPress site that runs in version 4.9.8. In the recent security audit conducted by the organization, the following problems were reported.

one) WordPress: CVE-2017-1000600: The input validation vulnerability in the thumbnail processing can result in remote code execution.

Affected versions: WordPress version <4.9 contains

two) WordPress: CVE-2018-1000773: The input validation vulnerability in the thumbnail processing can result in remote code execution.

Affected versions: WordPress version 4.9.8 and earlier

3) WordPress: CVE-2018-14028: The plugin and load theme functionalities do not delete the loaded files after failure conditions.

Affected versions: WordPress 4.9.7.

The following are my questions.

1) Are points 1 and 2 invalid in my case since I am in version 4.9.8?

2) Are these problems solved in the last update?

The latest version of WordPress security is WordPress 5.0.1 Security version

If the problems are not solved in the latest version. Is there any form or supplement that can help me solve these problems?