A coordinated plugin update occurred Monday morning between many popular WordPress plugins to address a common security vulnerability that allows for XSS cross-site scripting attacks.
The exact number of plugins affected is unknown, but a number of the most popular WordPress plugins are affected, and millions of websites are vulnerable due to this issue. Jetpack and Yoast’s WordPress SEO alone are active on well over a million websites.
Sucuri has identified a minimum of fifteen plugins affected, but they have only looked into the top 300-400 and others that were notable.
WordPress Security Update
On Tuesday, WordPress also rolled out Security Release 4.1.2.