WordPress plugins and themes that bundle the Genericons icon package are exposed to a DOM-based cross-site scripting (XSS) vulnerability because of an insecure file, example.html, that ships with the package.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been confirmed vulnerable. The exact number of affected sites is hard to establish, but both the plugin and the theme are default installs on millions of WordPress sites.

The root cause is the Genericons package itself, not any particular plugin or theme: any plugin or theme that includes the package is potentially vulnerable if it also ships the example.html file that comes with it. Because the flaw is DOM-based, the payload is processed entirely in the visitor's browser and need not reach the server, so server-side input filtering and request logs will not catch it; the file serves no purpose in production and should simply be removed.
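A quick way to audit an install for this is to walk the WordPress tree and list every copy of example.html that sits inside a genericons directory, regardless of which plugin or theme brought it in. The script below is an added example written for this page, not code from the advisory, WordPress, JetPack or Genericons; the directory layout used by the demo tree (where JetPack and TwentyFifteen put the package) is an assumption for the dry run, and the search itself only relies on the directory being named genericons.

```python
#!/usr/bin/env python3
"""Find (and optionally delete) copies of the Genericons example.html inside a
WordPress install.  Added example for this page; not part of the original
advisory or of any WordPress project.  Paths in build_demo_root() are an
assumed layout used only for the dry run."""
import os
import sys
import tempfile

# Directory name the vulnerable package is shipped under, and the file to find.
PACKAGE_DIR = "genericons"
TARGET_FILE = "example.html"


def find_genericons_examples(wp_root):
    """Walk wp_root and return every .../genericons/example.html path, sorted.

    Only files whose immediate parent directory is named 'genericons' count;
    an unrelated example.html elsewhere in a plugin is left alone."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(wp_root):
        if os.path.basename(dirpath) == PACKAGE_DIR and TARGET_FILE in filenames:
            hits.append(os.path.join(dirpath, TARGET_FILE))
    return sorted(hits)


def remove_files(paths):
    """Delete the given files; return the list of paths actually removed."""
    removed = []
    for path in paths:
        try:
            os.remove(path)
            removed.append(path)
        except OSError as exc:
            print(f"could not remove {path}: {exc}", file=sys.stderr)
    return removed


def build_demo_root():
    """Create a throwaway WordPress-like tree for a dry run and return its root.

    Constructed sample layout (assumed, not the real plugin/theme layout):
    two bundled genericons copies that must be reported, plus an unrelated
    example.html that must be ignored."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    files = (
        "wp-content/plugins/jetpack/_inc/genericons/example.html",
        "wp-content/themes/twentyfifteen/genericons/example.html",
        "wp-content/plugins/other-plugin/docs/example.html",
    )
    for rel in files:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write("<!-- constructed placeholder, not the real file -->\n")
    return root


if __name__ == "__main__":
    # Usage: audit.py /var/www/html [--remove]
    wp_root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = find_genericons_examples(wp_root)
    for hit in found:
        print(hit)
    if "--remove" in sys.argv:
        remove_files(found)
```

Run it against the web root with no flags first to review the list, then with --remove to delete the files. Re-run after every plugin or theme update, since an update can restore the file.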
