From a local forum about web hosting in Indonesia, one of the Community Guide make a post that asked us to update our WordPress installation, which included Plugins and Themes.
The main problem of Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.
This is some of the affected Plugins :
Google Analytics by Yoast
All In one SEO
Multiple Plugins from Easy Digital Downloads
Related Posts for WordPress
Multiple iThemes products including Builder and Exchange
Some article explanation can be read from :