Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins. Keep your fingers on that update button folks.
Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the addqueryarg() and removequeryarg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.