WordPress plugins or themes that leverage the genericons package are vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact count is difficult to determine, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
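
To check an installation for bundled copies of that file, the following added example (not code from the genericons project or from this advisory) walks a WordPress tree and reports each `example.html` found inside a genericons directory, along with the plugin or theme that ships it. It assumes bundled copies keep "genericons" in a directory name; the plugin and theme names in the sample tree are hypothetical.

```python
import os
import tempfile
from pathlib import Path

def owning_component(rel_dir):
    """Map a path under the WordPress root to 'plugin:<name>' or 'theme:<name>'."""
    parts = rel_dir.parts
    for kind in ("plugins", "themes"):
        if kind in parts and parts.index(kind) + 1 < len(parts):
            return f"{kind[:-1]}:{parts[parts.index(kind) + 1]}"
    return "unknown"

def find_genericons_examples(wp_root):
    """Return sorted (component, relative path) pairs for every example.html
    that sits inside a directory whose name contains 'genericons'."""
    root = Path(wp_root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        # Assumption: bundled copies keep "genericons" in a directory name.
        if not any("genericons" in p.lower() for p in rel_dir.parts):
            continue
        for name in files:
            if name.lower() == "example.html":  # match regardless of case
                hits.append((owning_component(rel_dir), (rel_dir / name).as_posix()))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed layout with hypothetical plugin and theme names."""
    for rel in (
        "wp-content/plugins/sample-plugin/assets/genericons/example.html",
        "wp-content/themes/sample-theme/genericons/Example.HTML",
        "wp-content/themes/sample-theme/docs/example.html",         # not genericons
        "wp-content/themes/clean-theme/genericons/genericons.css",  # demo file absent
    ):
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("constructed placeholder\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for component, rel_path in find_genericons_examples(tmp):
            print(f"{component}\t{rel_path}")
```

Call `find_genericons_examples()` with the site's document root to list every plugin or theme that still ships the file.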


