WordPress plugins or themes that use the genericons package are vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact count is difficult to determine, but both the plugin and the theme are default installs in millions of WordPress installs.

The root cause is the genericons package itself, so any plugin that uses this package is potentially vulnerable if it includes the example.html file that ships with the package.
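A quick way to inventory which plugins and themes in an install still ship the file is to walk wp-content and report every example.html that sits inside a genericons directory. The following is an added audit script, not part of the advisory; the plugin and theme paths it builds are constructed samples, not the real JetPack or TwentyFifteen layouts.

```python
"""Audit a WordPress install for the genericons example.html file."""
import tempfile
from pathlib import Path

GENERICONS_DIR = "genericons"
EXAMPLE_FILE = "example.html"


def find_genericons_examples(wp_root):
    """Walk wp-content/plugins and wp-content/themes and return one
    (component_type, slug, path) tuple per example.html found directly
    inside a directory named 'genericons'. slug is the top-level
    plugin/theme directory that ships the file."""
    hits = []
    content = Path(wp_root) / "wp-content"
    for kind, sub in (("plugin", "plugins"), ("theme", "themes")):
        base = content / sub
        if not base.is_dir():
            continue
        for path in base.rglob(EXAMPLE_FILE):
            if path.parent.name == GENERICONS_DIR:
                slug = path.relative_to(base).parts[0]
                hits.append((kind, slug, str(path)))
    return sorted(hits)


def build_sample_install(root):
    """Constructed sample tree (hypothetical slugs, not real project paths):
    one plugin and one theme bundle genericons with example.html, while a
    second theme bundles genericons without it and must not be reported."""
    files = [
        "wp-content/plugins/example-plugin/genericons/example.html",
        "wp-content/themes/example-theme/genericons/example.html",
        "wp-content/themes/clean-theme/genericons/genericons.css",
    ]
    for rel in files:
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("<!-- constructed sample -->\n")


def audit_sample():
    """Build the sample tree in a temp dir and return (kind, slug) hits."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_install(tmp)
        return [(kind, slug) for kind, slug, _ in find_genericons_examples(tmp)]


if __name__ == "__main__":
    for kind, slug in audit_sample():
        print(f"{kind} '{slug}' ships genericons/example.html; delete the file")
```

Run it against a real install by calling find_genericons_examples with the WordPress root; deleting each reported example.html removes the exposed file without affecting the icon font itself.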
