WordPress plugins and themes that bundle the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) because of an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact number of affected sites is difficult to determine, but both the plugin and the theme are default installs in millions of WordPress installations.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
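
To check an installation for the condition described above, the following added example (not part of the original advisory or of any WordPress tooling) lists every example.html that sits inside a genericons directory under a site's plugins and themes. The function name and the assumption that components live under wp-content/plugins and wp-content/themes are the example's own.

```sh
#!/bin/sh
# Added example: inventory copies of genericons' example.html in a WordPress tree.
# Assumption: plugins and themes live under <root>/wp-content/{plugins,themes}.
# Limitation: paths containing newlines are not handled.

# Usage: find_genericons_examples /path/to/wordpress
# Prints one line per finding: "<plugins|themes>/<component><TAB><full path>"
find_genericons_examples() {
    root="${1%/}"
    for kind in plugins themes; do
        base="$root/wp-content/$kind"
        [ -d "$base" ] || continue
        # Match example.html only when its parent directory is named
        # genericons (or Genericons), at any depth inside the component.
        find "$base" -type f -path '*/[Gg]enericons/example.html' | sort |
        while IFS= read -r file; do
            rel="${file#"$base"/}"
            # First path element below plugins/ or themes/ is the component.
            printf '%s/%s\t%s\n' "$kind" "${rel%%/*}" "$file"
        done
    done
}

# Run against a document root when one is given on the command line.
if [ "$#" -gt 0 ]; then
    find_genericons_examples "$1"
fi
```

Each output line names the plugin or theme that ships a copy of the file, so the result doubles as a list of components to review.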


