Security Issues Plague WordPress Plugins

According to Sucri,  a XSS issue has impacted numerous WordPress Plugins:

with probably more to come.
Make sure you upgrade to apply patches as soon as possible.
For DIY, the solution for developers of how to fix this issue: if you’re using either add_query_arg or remove_query_arg without passing in the URL, it bases the URL it creates off of $_SERVER['REQUEST_URI']. In that process, it URL decodes the parameter names in the request URI, allowing for XSS. The solution is to simply wrap the output in esc_url and you’re done. Not a hard fix, but it has to be done.