WordPress plugins or themes that bundle the genericons package are vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability because of an insecure file shipped with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact count is difficult to establish, but both the plugin and the theme are default installs on millions of WordPress sites.

The root issue is the genericons package itself, so any plugin or theme that makes use of this package is potentially vulnerable if it ships the example.html file that comes with the package.
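Because the vulnerable file is a static demo page rather than something the icon font needs at runtime, the practical check on a site is simply whether any copy of genericons/example.html is still present under wp-content. The script below is an added example, not part of the original advisory and not code from the JetPack or TwentyFifteen projects; it assumes the standard wp-content/plugins and wp-content/themes layout, and the directory tree created in the usage comments is constructed for illustration only.

```shell
#!/bin/sh
# Added example (not from the advisory): locate and remove copies of the
# genericons demo page example.html under a WordPress install.
# Assumption: plugins and themes live in the standard wp-content/plugins
# and wp-content/themes directories below the given WordPress root.

# find_genericons_demo <wordpress_root>
# Prints the path of every genericons/example.html found under wp-content,
# one per line. Missing directories are ignored.
find_genericons_demo() {
    root="$1"
    find "$root/wp-content/plugins" "$root/wp-content/themes" \
        -type f -path '*/genericons/example.html' -print 2>/dev/null
}

# count_genericons_demo <wordpress_root>
# Prints the number of demo pages found (0 means the install is clean
# with respect to this specific file).
count_genericons_demo() {
    find_genericons_demo "$1" | wc -l | tr -d ' '
}

# remove_genericons_demo <wordpress_root>
# Deletes each demo page reported by find_genericons_demo. The demo page is
# not required to serve the icon font, so removing it is the mitigation.
remove_genericons_demo() {
    find_genericons_demo "$1" | while IFS= read -r f; do
        rm -f "$f" && echo "removed: $f"
    done
}

# Usage (constructed example):
#   mkdir -p /tmp/wp/wp-content/themes/twentyfifteen/genericons
#   touch /tmp/wp/wp-content/themes/twentyfifteen/genericons/example.html
#   sh this_script.sh /tmp/wp        # lists the file
#   remove_genericons_demo /tmp/wp   # deletes it
if [ $# -ge 1 ]; then
    find_genericons_demo "$1"
fi
```

Run the check across every site on a host, not just the one you were told about: any plugin or theme that vendored genericons can carry its own copy of example.html, so the scan matches on the path pattern rather than on the JetPack or TwentyFifteen names. Re-run it after plugin or theme updates, since an update can reintroduce the file.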
