WordPress plugins or themes that use the genericons package are vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) were found to be vulnerable. The exact count is difficult to determine, but both the plugin and the theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
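
One way to check an installation for the file described above, as an added example (not code from the original advisory or from the genericons project): it walks `wp-content` and reports every `example.html` that sits inside a directory named `genericons`, along with the plugin or theme that bundles it. The function names, the sample tree and its component names are constructed for illustration, and matching on a directory called `genericons` is an assumption about how the package is bundled.

```python
import os
import tempfile

def find_genericons_examples(wp_root):
    """List (kind, component, path) for each example.html found inside a
    directory named 'genericons' (assumed bundle name) under wp-content."""
    content = os.path.join(wp_root, "wp-content")
    findings = []
    for dirpath, _dirs, files in os.walk(content):
        parts = os.path.relpath(dirpath, content).split(os.sep)
        if "genericons" not in (p.lower() for p in parts):
            continue  # only files shipped inside a genericons bundle matter
        for name in files:
            if name.lower() != "example.html":
                continue
            if parts[0] in ("plugins", "themes") and len(parts) > 1:
                kind, component = parts[0], parts[1]
            else:
                kind, component = "other", parts[0]
            findings.append((kind, component, os.path.join(dirpath, name)))
    return sorted(findings)

def build_sample_tree(root):
    """Create a constructed wp-content layout (hypothetical component names)."""
    sample_files = [
        "themes/sample-theme/genericons/example.html",           # flagged
        "themes/sample-theme/genericons/genericons.css",
        "plugins/sample-plugin/assets/genericons/example.html",  # flagged
        "plugins/clean-plugin/genericons/genericons.css",        # file already removed
        "plugins/docs-plugin/docs/example.html",                 # not in genericons
    ]
    for rel in sample_files:
        path = os.path.join(root, "wp-content", *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<!-- constructed placeholder -->\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for kind, component, path in find_genericons_examples(root):
            print(f"{kind:8} {component:15} {path}")
```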


