Early last week there was a major news release that many popular plugins and themes used by website owners and bloggers were vulnerable to XSS (Cross site scripting). Both Themeforest and Sucuri published articles warning site owners of the risk and the need to update to new and upcoming patched versions. This vulnerability was due to the misuse of the functions add_query_arg() and remove_query_arg().
This WordPress vulnerability was just a reminder, but there are many other potential vulnerabilities that can put your site at risk; whether you are using WordPress, Joomla, another CMS, or custom frameworks – poor or incorrectly written code can pose a threat. It is a good idea to periodically have a web developer or software developer experienced in coding security best practices review your site for this newly identified vulnerability and others.