Anyone using a WordPress website needs to be aware of this current security issue and take immediate action to ensure your website is secure. It has been found that a lot of Plugins and Themes are vulnerable to Cross-site Scripting (XSS) due to the misuse of two coding functions.
(the add_query_arg() and remove_query_arg() functions)
What should I do?
Well you could review the code and search for the two functions listed above. Then make sure it is properly escaped or you could just – Update, Update, Update, Patch, Patch, Patch…
You should make sure your site is updated to WordPress 4.2.1 or later and make sure your plugins and themes are also up to date. I will go further and say I strongly recommend continuing to check for updates over the next few weeks.
More details are available via the following links: