WordPress plugins or themes that use the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact count is difficult to determine, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
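
To check an install for that file, the following added example (not code from the original page, WordPress, or the genericons project) walks the plugin and theme directories and reports every `example.html` that sits inside a `genericons` directory, along with the owning component. It assumes the standard `wp-content/plugins` and `wp-content/themes` layout; the sample tree paths are constructed for the demonstration.

```python
import os
import tempfile

def find_genericons_examples(wp_root):
    """Return sorted (kind, component, path) for each genericons example.html."""
    hits = []
    content = os.path.join(wp_root, "wp-content")  # assumed standard layout
    for kind in ("plugins", "themes"):
        base = os.path.join(content, kind)
        if not os.path.isdir(base):
            continue
        for dirpath, _dirs, files in os.walk(base):
            # Only a copy shipped inside a genericons directory is of interest.
            if os.path.basename(dirpath).lower() != "genericons":
                continue
            for name in files:
                if name.lower() == "example.html":
                    full = os.path.join(dirpath, name)
                    # First path segment under plugins/ or themes/ names the owner.
                    component = os.path.relpath(full, base).split(os.sep)[0]
                    hits.append((kind, component, os.path.relpath(full, wp_root)))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample layout (assumed paths, for demonstration only)."""
    layout = [
        "wp-content/themes/twentyfifteen/genericons/example.html",
        "wp-content/themes/twentyfifteen/genericons/genericons.css",
        "wp-content/plugins/jetpack/_inc/genericons/genericons/example.html",
        "wp-content/plugins/other-plugin/docs/example.html",  # not genericons
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for kind, component, path in find_genericons_examples(root):
            print(f"{kind[:-1]} {component}: {path}")
```

Point `find_genericons_examples` at a real WordPress root to list the components that still ship the file.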


