WordPress plugins or themes that bundle the genericons package are vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability, caused by an insecure file shipped with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact number of affected sites is difficult to determine, but both the plugin and the theme are default installs on millions of WordPress sites.

The root issue is the genericons package itself, so any plugin or theme that uses this package is potentially vulnerable if it still ships the example.html file that comes with the package.
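Because the exposure is an unneeded file rather than a code path in the plugin or theme, the practical check is to locate every copy of that file under a genericons directory and remove it. The script below is an added example, not code from the advisory or from the affected projects; the directory layout it builds in `demo()` is constructed for illustration, and the theme and plugin paths it uses are assumptions about where genericons is bundled, not facts stated on this page.

```python
"""Audit a WordPress tree for the genericons example.html file.

Added example (not part of the original advisory). It walks a WordPress
install, reports every example.html that lives inside a directory named
'genericons' under wp-content, and can delete those files. The tree used
in demo() is constructed for illustration.
"""
import os
import tempfile
from pathlib import Path

TARGET_NAME = "example.html"
PACKAGE_DIR = "genericons"


def find_genericons_examples(wp_root):
    """Return paths (relative to wp_root) of example.html files that sit
    under a 'genericons' directory anywhere inside wp-content."""
    root = Path(wp_root)
    content = root / "wp-content"
    hits = []
    for dirpath, _dirnames, filenames in os.walk(content):
        if TARGET_NAME not in filenames:
            continue
        parts = Path(dirpath).relative_to(root).parts
        # Only flag the copy that ships with the genericons package itself;
        # an unrelated example.html elsewhere in the tree is not this issue.
        if PACKAGE_DIR in parts:
            hits.append(str(Path(dirpath, TARGET_NAME).relative_to(root)))
    return sorted(hits)


def remove_genericons_examples(wp_root):
    """Delete every flagged file and return the list of removed paths."""
    removed = []
    for rel in find_genericons_examples(wp_root):
        os.remove(Path(wp_root, rel))
        removed.append(rel)
    return removed


def demo():
    """Build a constructed WordPress-like tree in a temp dir, audit it,
    remove the flagged files, and audit again. Returns
    (flagged_before, removed, flagged_after)."""
    with tempfile.TemporaryDirectory() as tmp:
        files = [
            # assumed locations: both the theme and the plugin bundle genericons
            "wp-content/themes/twentyfifteen/genericons/example.html",
            "wp-content/plugins/jetpack/_inc/genericons/genericons/example.html",
            # decoys that must not be flagged
            "wp-content/plugins/other/example.html",
            "wp-content/themes/twentyfifteen/genericons/genericons.css",
        ]
        for rel in files:
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("<!-- constructed placeholder -->\n")
        before = find_genericons_examples(tmp)
        removed = remove_genericons_examples(tmp)
        after = find_genericons_examples(tmp)
        return before, removed, after


if __name__ == "__main__":
    flagged, removed, remaining = demo()
    print("flagged:", flagged)
    print("removed:", removed)
    print("remaining:", remaining)
```

Run it against a real install by calling `find_genericons_examples("/path/to/wordpress")` first and reviewing the list before calling `remove_genericons_examples`; the audit deliberately ignores any example.html that is not inside a genericons directory, so unrelated files are left alone.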
