4
My understanding is that as long as you don't give your Admin access to a hacker, you're safe.
You need to be an Admin, to take advantage of this attack.
If you look at the video, you see that he is logging in as an Admin first....
I assume that the Core team will provide a fix for XOOPS 2.5.5, but again - it is a "low level" issue, so no reason for a major worry.