WordPress plugins or themes that leverage the genericons package are vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to determine, but both the plugin and the theme are default installs in millions of WordPress installations.

The main issue here is the genericons package itself, so any plugin or theme that makes use of this package is potentially vulnerable if it still includes the example.html file that ships with the package.
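Because the vulnerable file is a static example page that the icon font does not need, the practical mitigation is to find every bundled copy and delete it. The script below is an added example and not part of the original advisory or of any plugin's code; it assumes copies live under a wp-content tree at a path ending in genericons/example.html (the usual bundle layout), and the directory names used in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original advisory): locate and optionally
# remove bundled copies of the genericons example.html file under a
# WordPress wp-content directory. The path pattern */genericons/example.html
# is an assumption about how the package is normally bundled.

# Print the path of every genericons/example.html found under the given root.
find_genericons_examples() {
    root="$1"
    find "$root" -type f -path '*/genericons/example.html' 2>/dev/null
}

# Return the number of copies found (0 means nothing to clean up).
count_genericons_examples() {
    find_genericons_examples "$1" | wc -l | tr -d ' '
}

# Delete each copy found. The example page is not required by plugins or
# themes that use the icon font, so removing it does not affect rendering.
remove_genericons_examples() {
    find_genericons_examples "$1" | while IFS= read -r f; do
        rm -f -- "$f" && echo "removed: $f"
    done
}

# Usage (report only): sh check_genericons.sh /var/www/html/wp-content
# Add a second argument "remove" to delete the files that are found.
if [ -n "$1" ]; then
    n=$(count_genericons_examples "$1")
    echo "genericons example.html copies under $1: $n"
    find_genericons_examples "$1"
    if [ "$2" = "remove" ] && [ "$n" != "0" ]; then
        remove_genericons_examples "$1"
    fi
fi
```

Run it against the wp-content directory of each site; a count of zero after removal confirms that no plugin or theme still ships the file. Re-run after plugin or theme updates, since an update can restore the file from the upstream package.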
