WordPress plugins or themes that bundle the genericons package are vulnerable to DOM-based cross-site scripting (XSS) because of an insecure file shipped with genericons.

The Jetpack plugin and the TwentyFifteen theme (installed by default) are confirmed vulnerable. An exact count is hard to establish, but both ship by default with millions of WordPress installs.

The root cause is the genericons package itself, so any plugin or theme that bundles it is potentially vulnerable if it includes the example.html file that comes with the package.
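One way to audit an install for the file the advisory points at, as an added example rather than anything from the advisory: a POSIX shell check that lists every example.html inside a genericons directory under wp-content. The Jetpack and TwentyFifteen paths in the demo tree are assumptions modelled on the default layout.

```shell
#!/bin/sh
# Added example: find every genericons example.html under a WordPress
# wp-content tree. Not part of the advisory or of WordPress itself.

# Print the path of each example.html that lives inside a genericons directory.
find_genericons_examples() {
    find "$1" -type f -name 'example.html' -path '*/genericons/*' 2>/dev/null
}

# Return 0 when the tree is clean and 1 when at least one copy is present,
# so the check can fail a cron job or a deployment pipeline.
check_wp_content() {
    hits=$(find_genericons_examples "$1")
    if [ -n "$hits" ]; then
        printf 'genericons example.html found:\n%s\n' "$hits"
        return 1
    fi
    echo "no genericons example.html under $1"
    return 0
}

# Constructed sample tree so the script runs offline. The plugin and theme
# paths below are assumptions based on the default layout, not measured ones.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/plugins/jetpack/_inc/genericons/genericons" \
             "$root/wp-content/themes/twentyfifteen/genericons" \
             "$root/wp-content/plugins/other/docs"
    : > "$root/wp-content/plugins/jetpack/_inc/genericons/genericons/example.html"
    : > "$root/wp-content/themes/twentyfifteen/genericons/example.html"
    : > "$root/wp-content/plugins/other/docs/example.html"  # not genericons: ignored
    echo "$root"
}

# Usage on a real install: sh this_script.sh /var/www/html/wp-content
if [ -n "${1:-}" ]; then
    check_wp_content "$1"
fi
```

The demo page is not needed by WordPress, the plugin or the theme, so deleting each listed copy removes the exposure on that install.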
