Any WordPress plugin or theme that uses the genericons package is vulnerable to DOM-based Cross-Site Scripting (XSS) because of an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact number of affected sites is difficult to determine, but both the plugin and the theme are default installs on millions of WordPress installations.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
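To check an installation for the condition described above, the following added example (not code from the genericons, JetPack or WordPress projects) lists every plugin and theme that ships an example.html inside a genericons directory. It assumes the standard wp-content/plugins and wp-content/themes layout and that the bundled package sits in a directory named genericons; the function name is hypothetical.

```python
import os
import sys


def find_genericons_examples(wp_content):
    """Return sorted (kind, component, path) tuples for each bundled
    genericons example.html found under wp-content/plugins and themes."""
    hits = []
    for kind in ("plugins", "themes"):
        base = os.path.join(wp_content, kind)
        if not os.path.isdir(base):
            continue
        for dirpath, _dirs, files in os.walk(base):
            # Assumption: the package lives in a directory named "genericons".
            # Other example.html files are unrelated to this issue.
            if os.path.basename(dirpath).lower() != "genericons":
                continue
            for name in files:
                if name.lower() == "example.html":
                    full = os.path.join(dirpath, name)
                    # First path element below plugins/ or themes/ is the
                    # plugin or theme that bundles the file.
                    component = os.path.relpath(full, base).split(os.sep)[0]
                    hits.append((kind, component, full))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python scan.py /path/to/wp-content
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content"
    found = find_genericons_examples(root)
    for kind, component, path in found:
        print(f"{kind[:-1]} '{component}' ships {path}")
    # Non-zero exit lets the check gate a deployment or monitoring job.
    sys.exit(1 if found else 0)
```

The exit status is 1 when any copy is found, so the script can run from cron or a CI job across many sites.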


