If your website uses WordPress plugins or Magento e-commerce software, you might need to perform updates to protect your site from several major security vulnerabilities, following security alerts from WordPress.org and Check Point.
Multiple WordPress plugins are now vulnerable to Cross-Site Scripting (XSS) due the misuse of the add_query_arg() and remove_query_arg() functions. These functions are used in multiple plugins, so you should update all outdated plugins within your wp-admin dashboard.
The second major vulnerability, which is related to Magento e-commerce software, allows for Remote Command Execution on any site that is running an outdated version of Magento. We strongly suggest that you install the latest patches for Magento.
How to update WordPress plugins and Magento software
For help updating vulnerable WordPress plugins, please see “Managing Plugins.”
To patch Magento, check out these instructions.