WordPress plugins or themes that use the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) because of an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) were found to be vulnerable. The exact count is difficult to determine, but both the plugin and the theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
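
To find which components on a site ship the file, the sketch below (an added example, not code from the genericons or WordPress projects) walks a WordPress root and reports every `example.html` that sits under a genericons directory, attributed to the plugin or theme that bundles it. It assumes the package is in a directory whose name contains "genericons" and the standard `wp-content/plugins` and `wp-content/themes` layout; the sample tree is constructed.

```python
import os
import tempfile


def find_genericons_examples(wp_root):
    """Return sorted (kind, component, relative_path) for each bundled example.html."""
    findings = []
    for dirpath, _dirs, files in os.walk(wp_root):
        parts = os.path.relpath(dirpath, wp_root).split(os.sep)
        # Assumption: the package directory name contains "genericons".
        if not any("genericons" in p.lower() for p in parts):
            continue
        for name in files:
            if name.lower() != "example.html":
                continue
            kind, component = "other", parts[0]
            # Standard layout: wp-content/{plugins,themes}/<component>/...
            if (len(parts) >= 3 and parts[0] == "wp-content"
                    and parts[1] in ("plugins", "themes")):
                kind, component = parts[1][:-1], parts[2]
            findings.append((kind, component, "/".join(parts + [name])))
    return sorted(findings)


def demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    sample_files = [  # constructed paths, for illustration only
        "wp-content/themes/twentyfifteen/genericons/example.html",
        "wp-content/themes/twentyfifteen/genericons/genericons.css",
        "wp-content/plugins/jetpack/_inc/genericons/genericons/example.html",
        "wp-content/plugins/clean-plugin/example.html",  # not under genericons
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample_files:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("placeholder")
        return find_genericons_examples(root)


if __name__ == "__main__":
    for kind, component, rel in demo():
        print(f"{kind:6} {component:15} {rel}")
```

Point `find_genericons_examples` at a real document root to inventory every plugin and theme that still includes the file.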


