The Sucuri blog has published an article about many WordPress plugins that are vulnerable to Cross-site Scripting (XSS) due to misuse of the add_query_arg and remove_query_arg functions. These functions are commonly used in WordPress plugins to let developers add and modify query strings in URLs within WordPress.
The plugins listed below are known to have contained these weaknesses and security flaws.
Google Analytics by Yoast
All In one SEO
Multiple Plugins from Easy Digital Downloads
Related Posts for WordPress
Multiple iThemes products including Builder and Exchange
The general advice is to check the plugins above and make sure they are up to date, as all developers are being made aware of this issue and should be patching their plugins. There are probably many more affected plugins, but the ones above are those that a lot of people have installed and may have left out of date. In general, it is always good practice to keep your plugins and the WordPress CMS up to date and to carry out regular maintenance. If you have a website and need help with this, with backing up your site, or with making sure everything is safe and working, then get in touch today.
For more information and to stay up to date, follow the Sucuri blog.
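For site owners who also want to check the plugins they have installed, the following added example (not code from the Sucuri article or from any plugin) lists calls to add_query_arg and remove_query_arg whose result is not wrapped in WordPress's esc_url() or esc_url_raw() in the same statement. It is a heuristic for manual review: a value that is escaped later, in another statement, is still listed. The function names, the sample plugin source and the plugin path passed on the command line are assumptions made for the example.

```python
import re
import sys
from pathlib import Path

# The two WordPress functions named in the article.
CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# WordPress URL-escaping helpers; a call wrapped in one of these is treated as handled.
ESCAPE = re.compile(r"\besc_url(?:_raw)?\s*\(")

def find_unescaped_calls(php_source):
    """Return (line_number, function_name, statement) for each call to review."""
    findings = []
    line_no = 1  # line on which the current chunk of source begins
    for stmt in php_source.split(";"):  # rough statement split, enough for triage
        for m in CALL.finditer(stmt):
            before = stmt[:m.start()]
            if not ESCAPE.search(before):
                findings.append((line_no + before.count("\n"), m.group(1), " ".join(stmt.split())))
        line_no += stmt.count("\n")
    return findings

def scan_plugins(root):
    """Scan every .php file under root; returns {path: findings} for files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = find_unescaped_calls(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample, not taken from any real plugin.
SAMPLE_PLUGIN = """<?php
// settings page links
echo '<a href="' . add_query_arg( 'tab', 'settings' ) . '">Settings</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'settings' ) ) . '">Settings</a>';
$next = remove_query_arg( 'paged' );
wp_safe_redirect( esc_url_raw(
    remove_query_arg( 'paged' )
) );
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_plugins(sys.argv[1])  # e.g. the site's plugins directory
    else:
        results = {"<sample>": find_unescaped_calls(SAMPLE_PLUGIN)}
    for name, hits in results.items():
        for line, func, stmt in hits:
            print(f"{name}:{line}: {func} not wrapped in esc_url: {stmt}")
```

Run it with the path to a plugins directory as the only argument, or with no argument to see the result for the constructed sample.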