WordPress plugins or themes that use the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) were found to be vulnerable. The exact count is difficult to determine, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
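To check an install for the condition described above, the following added example (not code from the original advisory or from the genericons project) walks the plugin and theme directories and reports every `example.html` that sits inside a `genericons` directory. The standard `wp-content/plugins` and `wp-content/themes` layout is assumed, and the sample tree it builds is constructed for the demo.

```python
import os
import tempfile
from pathlib import Path


def find_genericons_examples(wp_root):
    """Return sorted (kind, component, relative path) for every example.html
    that sits inside a directory named 'genericons' under plugins or themes."""
    findings = []
    for kind in ("plugins", "themes"):
        base = Path(wp_root) / "wp-content" / kind
        if not base.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(base):
            rel_dir = Path(dirpath).relative_to(base)
            # Only directories with a 'genericons' path component are of interest.
            if "genericons" not in (p.lower() for p in rel_dir.parts):
                continue
            for name in files:
                if name.lower() == "example.html":
                    # First path component is the owning plugin or theme.
                    findings.append((kind, rel_dir.parts[0], (rel_dir / name).as_posix()))
    return sorted(findings)


def build_sample_site(root):
    """Create a constructed directory tree for the demo (paths are made up)."""
    layout = [
        "wp-content/themes/twentyfifteen/genericons/example.html",
        "wp-content/themes/twentyfifteen/genericons/genericons.css",
        "wp-content/plugins/jetpack/demo-assets/genericons/example.html",
        "wp-content/plugins/other-plugin/docs/example.html",  # not genericons
    ]
    for rel in layout:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("placeholder\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, component, rel in find_genericons_examples(build_sample_site(tmp)):
            print(f"{kind[:-1]} '{component}' ships {rel}")
```

Point `find_genericons_examples` at the WordPress root directory of a real install; an empty result means no plugin or theme there ships the file.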


