WordPress plugins or themes that leverage the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to determine, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
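
One way to check an install for the file described above, as an added example that is not part of the original advisory: the function walks a WordPress directory tree and reports each `example.html` that sits inside a `genericons` directory, together with the plugin or theme that bundles it. The function names and the web-root path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: list every copy of genericons' example.html under a
# WordPress tree and name the plugin or theme that ships it.
# Usage: sh audit.sh /var/www/html   (the path is an assumption)

# find_genericons_examples WP_ROOT
# Prints one tab-separated line per hit: <plugin|theme|other> <component> <path>
find_genericons_examples() {
    wp_root=${1:?usage: find_genericons_examples WP_ROOT}
    # Match example.html only when it lives somewhere below a directory
    # named "genericons"; bundled copies sit at different depths.
    find "$wp_root" -type f -path '*/genericons/*' -name 'example.html' 2>/dev/null |
    while IFS= read -r path; do
        case $path in
            */wp-content/plugins/*)
                kind=plugin
                rest=${path#*/wp-content/plugins/} ;;
            */wp-content/themes/*)
                kind=theme
                rest=${path#*/wp-content/themes/} ;;
            *)
                kind=other
                rest=${path#"$wp_root"/} ;;
        esac
        # The first path element after plugins/ or themes/ is the component.
        printf '%s\t%s\t%s\n' "$kind" "${rest%%/*}" "$path"
    done
}

# count_genericons_examples WP_ROOT
# Prints the number of hits, for use in monitoring or CI checks.
count_genericons_examples() {
    find_genericons_examples "$1" | wc -l | tr -d ' '
}

# Run the audit when a WordPress root is passed on the command line.
if [ "$#" -gt 0 ]; then
    find_genericons_examples "$1"
fi
```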


