A few weeks back, it was discovered that there are security vulnerabilities in WordPress. The vulnerability is in Cross Site scripting and is due to the misuse of the add_query_arg() and remove_query_arg() functions. Read the nitty gritty on it from the folks at WordPress.
For most people, this is just a bunch of developer jargon. What does it really mean for WordPress website owners? It means you’ll need to update all your plugins, theme and WordPress installation. To update to the most current WordPress version 4.2.2, log into your dashboard. Under “Dashboard” on the left side menu you’ll find the “Updates” page. You can update everything from there. If your site is more than a year old, you may find that some of the plugins your developer installed for you can no longer be updated. If this is the case, we recommend contacting your developer to upload a new plugin that will give you the same or similar functionality. This will protect your website from hackers.
You can find a partial list of affected plugins here.
If you have any questions or can’t reach your old developer, connect with us and we’ll get you up to date.