Any WordPress plugin or theme that leverages the genericons package is vulnerable to DOM-based Cross-Site Scripting (XSS) due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) were found to be vulnerable. The exact count is difficult to determine, but both the plugin and the theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
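
To check an installation for the file described above, the following added example (not part of the original advisory) lists every `example.html` sitting directly inside a `genericons` directory and names the plugin or theme that ships it. It assumes the default layout, with plugins and themes under `<wp_root>/wp-content`, and a package directory named `genericons`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: locate genericons example.html files in a WordPress tree.
# Assumptions: default layout (<wp_root>/wp-content/{plugins,themes}) and a
# package directory literally named "genericons".

# Print the path of every example.html whose parent directory is "genericons".
find_genericons_examples() {
    wp_root=$1
    content_dir="$wp_root/wp-content"
    if [ ! -d "$content_dir" ]; then
        echo "no wp-content directory under $wp_root" >&2
        return 2
    fi
    # -path matches at any depth, so nested copies (for example under a
    # plugin's asset directory) are reported as well.
    find "$content_dir" -type f -path '*/genericons/example.html' 2>/dev/null | sort
}

# Print one tab-separated line per hit: kind (plugins|themes), component, path.
report_genericons_examples() {
    wp_root=$1
    find_genericons_examples "$wp_root" | while IFS= read -r path; do
        rel=${path#"$wp_root/wp-content/"}   # e.g. themes/<name>/genericons/example.html
        kind=${rel%%/*}                      # first path component
        rest=${rel#*/}
        name=${rest%%/*}                     # second path component
        printf '%s\t%s\t%s\n' "$kind" "$name" "$path"
    done
}

# Usage: report_genericons_examples /path/to/wordpress
```

Every path reported is a copy of the packaged demo page in a web-reachable directory, which makes the owning plugin or theme one to review.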


