There is an announcement recently last week about the vulnerability of the WordPress attacks via XSS according to the security blog, the vulnerability affecting multiple WordPress plugins and themes.
The issue links to the common functions of WordPress core that plugin or theme developers are using such function add_query_arg, remove_query_arg.
You can find the list of plugins that have been found to be affected in here but the interesting one, even JetPack is affected but already corrected in version 3.4.3.
Please keep your eyes on WordPress update for both core, plugins and theme.
More detail you can find following blogs to read:
- http://marketblog.envato.com/news/wordpress-item-security-vulnerability/
- https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
- http://wptavern.com/xss-vulnerability-affects-more-than-a-dozen-popular-wordpress-plugins
- https://poststatus.com/coordinated-plugin-updates-to-address-security-vulnerability-in-many-popular-wordpress-plugins/