WordPress plugins or themes that use the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) because of an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) were found to be vulnerable. The exact count of affected sites is difficult to determine, but both the plugin and theme are default installs in millions of WordPress installs.

The root issue is the genericons package itself, so any plugin that uses this package is potentially vulnerable if it includes the example.html file that comes with the package.
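
One way to check an install for the bundled file described above (an added example, not code from the original advisory): it walks a WordPress directory and reports every example.html that sits under a directory named genericons, grouped by the plugin or theme that ships it. The directory name "genericons", the function names and the sample tree are assumptions made for this illustration.

```python
import os
import sys
import tempfile

def classify(rel_parts):
    """Map a relative path to ('plugin' | 'theme' | 'unknown', component name)."""
    for kind in ("plugins", "themes"):
        if kind in rel_parts:
            i = rel_parts.index(kind)
            if i + 1 < len(rel_parts) - 1:  # next part must be a directory, not the file
                return kind[:-1], rel_parts[i + 1]
    return "unknown", rel_parts[0]

def find_genericons_examples(wp_root):
    """Return sorted (kind, component, relative_path) for each bundled example.html."""
    hits = []
    for dirpath, _dirs, files in os.walk(wp_root):
        rel_dir = os.path.relpath(dirpath, wp_root).split(os.sep)
        # Assumption: the package is unpacked into a directory named "genericons".
        if "genericons" not in (p.lower() for p in rel_dir):
            continue
        for name in files:
            if name.lower() == "example.html":
                parts = rel_dir + [name]
                kind, component = classify(parts)
                hits.append((kind, component, "/".join(parts)))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed layout for the demo; it is not the real on-disk layout of any component."""
    for rel in (
        "wp-content/themes/twentyfifteen/genericons/example.html",
        "wp-content/plugins/jetpack/genericons/example.html",
        "wp-content/plugins/hypothetical-gallery/docs/example.html",       # not genericons
        "wp-content/themes/hypothetical-clean/genericons/genericons.css",  # no example.html
    ):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan the directory given on the command line
        found = find_genericons_examples(sys.argv[1])
    else:                  # otherwise scan the constructed sample tree
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            found = find_genericons_examples(tmp)
    for kind, component, rel in found:
        print(f"{kind:8} {component:24} {rel}")
    sys.exit(1 if found else 0)
```

The script exits non-zero when at least one copy is found, so it can gate a deployment or a scheduled audit job.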


