WordPress plugins or themes that leverage the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) were found to be vulnerable. The exact number of affected sites is difficult to determine, but both the plugin and the theme are default installs in millions of WordPress installations.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
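
A defender-side check for the condition described above, as an added example that is not part of the original page: it walks wp-content/plugins and wp-content/themes and reports every example.html that sits inside a bundled genericons directory, along with the plugin or theme that ships it. The function names and the sample directory layout are constructed for illustration.

```python
import os
import sys
import tempfile
from pathlib import Path


def find_genericons_examples(wp_root):
    """Return sorted (component, path) pairs for each example.html found inside
    a directory named 'genericons' under wp-content/plugins or wp-content/themes."""
    hits = []
    for kind in ("plugins", "themes"):
        base = Path(wp_root) / "wp-content" / kind
        if not base.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(base):
            rel = Path(dirpath).relative_to(base).parts
            # Only files shipped inside a bundled genericons directory count.
            if not any(part.lower() == "genericons" for part in rel):
                continue
            for name in files:
                if name.lower() == "example.html":
                    # rel[0] is the plugin or theme directory that bundles it.
                    hits.append((f"{kind}/{rel[0]}", str(Path(dirpath) / name)))
    return sorted(hits)


def build_sample_tree(tmp):
    """Create a constructed sample layout (illustrative paths, not real data)."""
    tree = [
        "wp-content/themes/twentyfifteen/genericons/example.html",
        "wp-content/themes/twentyfifteen/genericons/genericons.css",
        "wp-content/plugins/jetpack/_inc/genericons/genericons/example.html",
        "wp-content/plugins/other-plugin/docs/example.html",  # not genericons
    ]
    for rel in tree:
        f = Path(tmp) / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("placeholder")
    return tmp


if __name__ == "__main__":
    # Pass a WordPress root to scan it; with no argument, scan the sample tree.
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tmp)
        for component, path in find_genericons_examples(target):
            print(f"{component}: {path}")
```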


