Wordpress vulnerability leaves millions of servers open to hacks | Cyber Criminals Most Wanted

WordPress vulnerability leaves millions of servers open to hacks

WordPress Plugins or themes that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

JetPack plugin and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.

DELL PowerEdge R730 8LFF Server 2x E5-2650v4 2.2GHz = 24 Cores 32GB H730 4xRJ45

$393.00

Dell PowerEdge R720 Server 2x E5-2670 V2 =20 Cores 128GB RAM H710 2x 900GB SAS

$331.20

Dell PowerEdge R720XD Server | 2x 2660 V2 =20 Cores | 64GB | H710 | 2x 4TB SAS

$286.99

HP ProLiant DL380 G9 Server | 2x E5-2650 V4 = 24 Cores | 128GB | 8x 600GB SAS

$468.99

HYVE ZEUS V1 1U SERVER 2x XEON TEN CORE E5-2660V2 2.2GHz 0GB RAM NO HDD

$108.00

Dell Poweredge R720XD 2 X TEN CORE 2.80GHZ E5-2680v2 128GB RAM 12 X 3TB SERVER

$489.99

Dell PowerEdge R730XD DUAL XEON E5-2680 v3 2.5GHz 24 Core 256GB RAM 8x32GB DIMM

$649.95

HPE ProLiant DL380 G9 DUAL Xeon E5-2680v4 256GB DDR4

$399.99

Dell PowerEdge R720XD Server 2x 2680 V2=20 Cores | 128GB | H710P | 4x trays

$337.99

Dell R220 Server Intel Xeon 1x E3-1270 V3 3.50GHz 4C, 16GB, PERC H310

$165.00

By cyber|May 7th, 2015|Cyber News|0 Comments