WordPress plugins or themes that use the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) because of an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) are confirmed vulnerable. The exact number of affected sites is hard to determine, but both ship by default in millions of WordPress installations.

The root issue is the genericons package itself, so any plugin that uses it is potentially vulnerable if it still includes the example.html file that ships with the package.
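Because the weakness lives in a static file rather than in plugin logic, the practical check is an inventory: find every copy of the genericons example.html under wp-content so it can be removed or reviewed. The following POSIX shell script is an added example, not part of the original advisory or of the JetPack or TwentyFifteen projects; it assumes the package keeps the file at a path ending in genericons/example.html, and the directory layout in its usage comment is constructed for illustration.

```shell
#!/bin/sh
# List every genericons example.html under a WordPress wp-content tree.
# Assumption: the file sits at <...>/genericons/example.html wherever a
# plugin or theme vendors the package; adjust the pattern if a vendor
# renames the directory.
find_genericons_examples() {
    root="${1:-wp-content}"
    if [ ! -d "$root" ]; then
        echo "no such directory: $root" >&2
        return 2
    fi
    find "$root" -type f -path '*genericons/example.html' 2>/dev/null
}

# Print each hit and return 1 when any exist, so the check can gate a
# deploy or a cron job; return 0 on a clean tree.
check_genericons() {
    hits=$(find_genericons_examples "$1") || return $?
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Example invocation against a real install (path is a placeholder):
#   check_genericons /var/www/html/wp-content
```

Run it with the site's wp-content directory as the only argument; a non-zero exit means at least one copy of the file is still deployed, and the printed paths are the ones to delete or restrict from web access.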
