WordPress plugins or themes that leverage the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) because of an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact number of affected sites is difficult to determine, but both the plugin and the theme are default installs in millions of WordPress installations.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
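To check an installation for the file described above, the following added example (not part of the original advisory) walks a `wp-content` tree and lists every `example.html` that sits inside a genericons directory, together with the plugin or theme that ships it. It assumes the package directory has "genericons" in its name and that components live under `plugins/` and `themes/`; the function name is hypothetical.

```python
import os
import sys


def find_genericons_examples(wp_content):
    """Return sorted (kind, component, relative_path) tuples, one for each
    example.html found in or below a directory named like 'genericons'."""
    findings = []
    for root, _dirs, files in os.walk(wp_content):
        rel_dir = os.path.relpath(root, wp_content)
        parts = rel_dir.split(os.sep)
        # Assumption: the bundled package directory contains "genericons".
        if not any("genericons" in p.lower() for p in parts):
            continue
        for name in files:
            if name.lower() != "example.html":
                continue
            # Attribute the file to the plugin or theme that bundles it.
            if parts[0] in ("plugins", "themes") and len(parts) > 1:
                kind, component = parts[0], parts[1]
            else:
                kind, component = "other", parts[0]
            findings.append((kind, component, os.path.join(rel_dir, name)))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python find_genericons.py /path/to/wp-content")
    hits = find_genericons_examples(sys.argv[1])
    for kind, component, path in hits:
        print(f"{kind:8} {component:24} {path}")
    # Non-zero exit status lets a scheduled job or CI step flag the host.
    sys.exit(1 if hits else 0)
```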


