“Several WordPress themes have been found to host a cross-site scripting (XSS) vulnerability, according to a professional penetration tester. If you have a WordPress blog and are using one of the affected themes, you need to download the fixed themes and install them to close the XSS flaws.
XSS vulnerabilities can be found in Unite, Salutation, Intersect, and Traject themes from Parallelus, said Janne Ahlberg, a Finnish product security professional and a penetration tester. The themes generally range between $30 and $60 and can be easily found on Themeforest.net, a theme marketplace for WordPress environments.
Despite its popularity as a blogging platform, WordPress has had its own share of security issues in recent months. About a year ago, attackers exploited timthumb.php, an image resizing utility, and various XSS vulnerabilities were identified on the blog’s setup page.”
More information on these issues at: http://threatpost.com/en_us/blogs/some-wordpress-themes-thousands-sites-open-xss-vulnerabilities-100312