WordPress plugins or themes that leverage the genericons package are vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and the theme are default installs in millions of WordPress installs.

The main issue here is the genericons package itself, so any plugin or theme that makes use of this package is potentially vulnerable if it includes the example.html file that ships with the package.
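Because the exposure comes from a shipped demo file rather than from a code path, the practical check is an inventory of every `genericons/example.html` under `wp-content`. The following scanner is an added example, not code from the advisory or from WordPress; the directory layout it builds is a constructed sample, and the `location.hash` heuristic is our own secondary indicator of a DOM XSS source, not something the advisory states.

```python
"""Locate the Genericons example.html demo file inside a WordPress install.

Added example (not from the advisory): walks wp-content, reports every
example.html that sits in a directory named 'genericons', and flags whether
the file reads a DOM XSS source such as location.hash (heuristic only).
Removing the reported files is the mitigation; they serve no runtime purpose.
"""
import os
import re
import tempfile

# Client-side sources commonly fed into the DOM without sanitisation (heuristic).
DOM_SOURCE = re.compile(r"location\.hash|location\.href|document\.URL")


def find_genericons_examples(wp_content):
    """Return sorted (relative_path, uses_dom_source) tuples for each
    genericons/example.html found below wp_content."""
    findings = []
    for root, _dirs, files in os.walk(wp_content):
        if os.path.basename(root).lower() != "genericons":
            continue
        for name in files:
            if name.lower() != "example.html":
                continue
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                uses_dom_source = bool(DOM_SOURCE.search(fh.read()))
            findings.append((os.path.relpath(path, wp_content), uses_dom_source))
    return sorted(findings)


def build_sample_install():
    """Create a throwaway wp-content tree (constructed sample data; the paths
    and file contents are assumptions, not a real plugin or theme layout)."""
    base = tempfile.mkdtemp(prefix="wpcontent-")
    layout = {
        "plugins/jetpack/_inc/genericons/example.html":
            "<script>var icon = window.location.hash;</script>",
        "themes/twentyfifteen/genericons/example.html": "<html>static demo</html>",
        "plugins/other/genericons/genericons.css": ".genericon{}",   # not a hit
        "themes/twentyfifteen/example.html": "not inside a genericons dir",  # not a hit
    }
    for rel, content in layout.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return base


if __name__ == "__main__":
    for rel_path, flagged in find_genericons_examples(build_sample_install()):
        print(f"{rel_path}  dom_source={'yes' if flagged else 'no'}")
```

Point `find_genericons_examples` at a real `wp-content` directory to get the list of files to delete; the heuristic flag only tells you which copies also contain an obvious DOM source.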
