Any WordPress plugin or theme that leverages the genericons package is vulnerable to DOM-based Cross-Site Scripting (XSS) due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact number of affected sites is difficult to determine, but both the plugin and the theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
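To check an installation for the condition described above, the following added example (not part of the original advisory) walks the plugin and theme directories and reports every `example.html` that sits inside a bundled genericons directory, along with the component that ships it. It assumes the standard `wp-content/plugins` and `wp-content/themes` layout and that the package is bundled in a directory whose name contains "genericons"; the function name is hypothetical.

```python
import os
import sys
from pathlib import Path


def find_genericons_examples(wp_root):
    """Return sorted (kind, component, relative_path) tuples, one per
    example.html found inside a genericons directory of a plugin or theme."""
    wp_root = Path(wp_root)
    findings = []
    for kind in ("plugins", "themes"):
        base = wp_root / "wp-content" / kind
        if not base.is_dir():
            continue
        # os.walk does not descend into symlinked directories by default,
        # so a symlink loop cannot trap the scan.
        for dirpath, _dirs, files in os.walk(base):
            parts = Path(dirpath).relative_to(base).parts
            # Assumption: the bundled package lives in a directory whose
            # name contains "genericons" (matched case-insensitively).
            if not any("genericons" in p.lower() for p in parts):
                continue
            for name in files:
                if name.lower() == "example.html":
                    rel = (Path(dirpath) / name).relative_to(wp_root)
                    # parts[0] is the plugin or theme directory that ships it.
                    findings.append((kind, parts[0], rel.as_posix()))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan.py /path/to/wordpress
    hits = find_genericons_examples(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, component, rel in hits:
        print(f"{kind[:-1]} '{component}' ships {rel}")
    # Non-zero exit when anything is found, so the scan can gate a deploy job.
    sys.exit(1 if hits else 0)
```

Because the match is on location only, an `example.html` outside a genericons directory is not reported.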
