WordPress.org (self-hosted WordPress) users – there is an XSS vulnerability affecting multiple WordPress plugins and themes. The vulnerability is caused by a common code pattern used in WordPress plugins and themes.
As of 4/26/15, this is the list of affected plugins:
Google Analytics by Yoast
All In one SEO
Multiple Plugins from Easy Digital Downloads
Related Posts for WordPress
Multiple iThemes products including Builder and Exchange
WordPress updates are a must!
The best way to combat this is to make sure your WordPress, themes, and plugins are kept up-to-date at all times. Check for updates and apply those available as soon as possible.