WordPress plugins and themes that bundle the genericons icon package are vulnerable to a DOM-based Cross-Site Scripting (XSS) attack, because the package ships an insecure demo file (example.html) that is deployed along with the icons.

The Jetpack plugin and the Twenty Fifteen theme (both installed by default) are confirmed to be vulnerable. The exact number of affected sites is hard to determine, but since both ship as default installs, millions of WordPress installations carry the file.

The root cause is the genericons package itself, not any particular plugin: any plugin or theme that makes use of the package is potentially vulnerable if it still includes the example.html file distributed with it. Because the flaw is DOM-based, the malicious payload never reaches the server; it is processed entirely by the script in example.html in the victim's browser, so server-side logs and WAFs that inspect query strings will typically not see it. Removing example.html from every copy of genericons (or upgrading to a release that no longer ships it) eliminates the issue.
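Since the exposure is simply the presence of a static file, the quickest check on a host is to enumerate every genericons copy under the WordPress root and see whether example.html is still there. The following POSIX shell script is an added example for this advisory, not code from the genericons project or from WordPress; the install path /var/www/html and the constructed demo tree with Jetpack and Twenty Fifteen directories are assumptions for illustration only.

```shell
#!/bin/sh
# Added example (not part of the original advisory): find leftover copies of
# genericons/example.html under a WordPress install so they can be removed.
# Usage:  sh check_genericons.sh /var/www/html    (the path is an assumption)

# Print every example.html that sits inside a directory named "genericons",
# wherever a plugin or theme happened to bundle the package.
find_genericons_examples() {
    root="${1:-.}"
    find "$root" -type f -path '*/genericons/example.html' 2>/dev/null
}

# Exit status 0 when no copy is present, 1 otherwise, so the function can be
# dropped into a cron job or CI step.
check_genericons_clean() {
    n=$(find_genericons_examples "$1" | wc -l | tr -d ' ')
    [ "$n" -eq 0 ]
}

# Build a constructed sample tree (hypothetical layout, not a real install)
# so the script can be exercised offline; prints the temp directory path.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/plugins/jetpack/_inc/genericons" \
             "$d/wp-content/themes/twentyfifteen/genericons" \
             "$d/wp-content/themes/other/genericons"
    : > "$d/wp-content/plugins/jetpack/_inc/genericons/example.html"
    : > "$d/wp-content/themes/twentyfifteen/genericons/example.html"
    # This copy already had the demo file stripped; only the stylesheet remains.
    : > "$d/wp-content/themes/other/genericons/genericons.css"
    printf '%s\n' "$d"
}

# When run directly with a path argument, list the offending files.
if [ -n "${1:-}" ]; then
    find_genericons_examples "$1"
fi
```

Run it against the document root; every path it prints is a file that should be deleted (the icon font and CSS do not depend on it). Re-run after updating plugins and themes, since a reinstall from an old package will bring example.html back.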