Wordpress vulnerability leaves millions of servers open to hacks | Cyber Criminals Most Wanted

WordPress vulnerability leaves millions of servers open to hacks

WordPress Plugins or themes that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

JetPack plugin and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.

Dell PowerEdge R720 Server - 2x8c CPU,256Gb RAM, 128Gb SSD/3x900Gb SAS, Proxmox

$340.00

Supermicro 4U 36 Bay Storage Server 2.4Ghz 8-C 128GB 1x1280W Rails TrueNAS ZFS

$712.98

DELL PowerEdge R730XD 24x 2.5" Server Dual 750W Dual Heatsink - BareBones TESTED

$269.99

Dell PowerEdge R7525 Server 24X2.5(8XNVME)+H745 2xEPYC 7302 CPU 128G RAM 2x2400W

$3350.00

Dell PowerEdge R620 Server 2x E5-2660 v1 2.2GHz 16 Cores 256GB RAM 2x 300GB HDD

$89.99

Dell PowerEdge R730XD 28 Core Server 2X Xeon E5-2680 V4 H730 128GB RAM No HDD

$389.99

SuperMicro Server 505-2 Intel Atom 2.4GHz 8GB RAM SYS-5018A-FTN4 1U Rackmount

$202.49

HP ProLiant DL360 G9 2x Xeon E5-2690 V3 24 Cores 2.6GHz P440ar 32GB DDR4

$119.99

DELL PowerEdge R730 Server 2x E5-2680v4 2.4GHz =28 Cores 32GB H730 4xRJ45

$284.00

PowerEdge R710 Rackmount Server 80GB RAM 2x XEON E5520 CPU 4.75TB

$200.00

By cyber|May 7th, 2015|Cyber News|0 Comments