WordPress plugins or themes that leverage the genericons package are vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact number of affected sites is difficult to determine, but both the plugin and the theme ship by default with millions of WordPress installs.

The main issue here is the genericons package itself, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
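Since the vulnerable file is the bundled example.html rather than the icon font itself, the defensive check is to find every copy of it under an install and remove it. The following script is an added example, not part of the advisory; it assumes the standard wp-content/plugins and wp-content/themes layout and takes the WordPress root as its argument (the default /var/www/html and the function names are assumptions).

```shell
#!/bin/sh
# Added example (not from the advisory): locate and remove copies of the
# genericons example.html demo page under a WordPress install. Assumes the
# usual wp-content/plugins and wp-content/themes layout; the default root
# /var/www/html is an assumption.

# Print every genericons/example.html found beneath the plugins and themes
# directories of the WordPress root given as $1.
find_genericons_example() {
    wp_root="${1:-/var/www/html}"
    for sub in plugins themes; do
        dir="$wp_root/wp-content/$sub"
        [ -d "$dir" ] || continue
        find "$dir" -type f -path '*/genericons/example.html'
    done
}

# Count the copies found; prints 0 when the install carries none.
count_genericons_example() {
    find_genericons_example "$1" | wc -l | tr -d ' '
}

# Delete the copies found. The demo page is not needed for the icon font
# to work, so removing it does not affect the plugin or theme.
remove_genericons_example() {
    find_genericons_example "$1" | while IFS= read -r f; do
        rm -f -- "$f" && printf 'removed %s\n' "$f"
    done
}
```

Run `count_genericons_example /path/to/wordpress` first to review what would be removed; rerun it after `remove_genericons_example` to confirm the install is clean.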
