WordPress plugins or themes that bundle the genericons package are vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file shipped with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact number of affected sites is difficult to determine, but both the plugin and the theme are default installs on millions of WordPress sites.

The root issue is the genericons package itself, so any plugin or theme that uses this package is potentially vulnerable if it still includes the example.html file that comes with the package.
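As an added check (not part of the original advisory), the script below inventories a wp-content directory for plugins and themes that still ship the genericons example.html file, so the file can be removed or the package updated. The wp-content layout (plugins/&lt;name&gt;, themes/&lt;name&gt;) and the sample tree it builds are constructed assumptions.

```python
# Added example (not from the advisory): find plugins/themes under wp-content
# that still ship genericons/example.html. Assumes the standard layout
# wp-content/plugins/<name> and wp-content/themes/<name>; sample tree is constructed.
import os
import tempfile

TARGET_DIR = "genericons"
TARGET_FILE = "example.html"


def find_genericons_examples(wp_content):
    """Return one record (type, component, path) per genericons/example.html found."""
    hits = []
    for kind in ("plugins", "themes"):
        root = os.path.join(wp_content, kind)
        if not os.path.isdir(root):
            continue
        for component in sorted(os.listdir(root)):
            for dirpath, _dirs, files in os.walk(os.path.join(root, component)):
                # Only a genericons directory that still contains example.html counts.
                if os.path.basename(dirpath) == TARGET_DIR and TARGET_FILE in files:
                    hits.append({
                        "type": kind[:-1],  # "plugin" or "theme"
                        "component": component,
                        "path": os.path.join(dirpath, TARGET_FILE),
                    })
    return hits


def build_sample_wp_content():
    """Construct a throwaway wp-content tree covering the advisory's cases."""
    base = tempfile.mkdtemp(prefix="wp-content-")
    layout = [
        "plugins/jetpack/genericons/example.html",       # example kept: flagged
        "plugins/jetpack/genericons/genericons.css",
        "themes/twentyfifteen/genericons/example.html",  # example kept: flagged
        "themes/cleantheme/genericons/genericons.css",   # example removed: not flagged
        "plugins/other/example.html",                    # not a genericons dir: not flagged
    ]
    for rel in layout:
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("<html>constructed sample</html>\n")
    return base


if __name__ == "__main__":
    for hit in find_genericons_examples(build_sample_wp_content()):
        print(f"{hit['type']:6} {hit['component']:14} {hit['path']}")
```

Point `find_genericons_examples` at a real wp-content directory to list every component that needs the file deleted or the package upgraded.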
