Sucuri and WordPress Security Teams have been working to patch a cross site scripting security vulnerability for the past week. The vulnerability affects plugins that use the add_query_arg and remove_query_arg. Many of the affected plugins have been updated already. It is important that you update your plugins as soon as possible!
Publisher: InMotion Hosting
You can watch this video also at the source.