WordPress plugins or themes that leverage the genericons package are vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact number of affected sites is difficult to determine, but both the plugin and the theme ship by default in millions of WordPress installs.

The root issue is the genericons package itself, so any plugin or theme that makes use of this package is potentially vulnerable if it ships the example.html file that comes with the package.
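A local, defender-side check for the condition described above, added here as an example (not code from the advisory, nor from the genericons or WordPress projects): it walks a WordPress document root, flags every example.html that sits inside a directory named genericons, and can optionally delete those files. The plugin and theme directory names used in the demo tree are constructed placeholders, not the real layout of any plugin.

```python
import os
import tempfile
from pathlib import Path

# The bundled file the advisory identifies as the DOM XSS vector.
VULNERABLE_FILE = "example.html"
PACKAGE_DIR = "genericons"


def find_genericons_examples(wp_root):
    """Return sorted relative paths of every example.html located directly
    inside a directory named 'genericons' anywhere below wp_root."""
    root = Path(wp_root)
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if Path(dirpath).name == PACKAGE_DIR and VULNERABLE_FILE in filenames:
            hits.append(str(Path(dirpath, VULNERABLE_FILE).relative_to(root)))
    return sorted(hits)


def remove_genericons_examples(wp_root, dry_run=True):
    """Delete each flagged file unless dry_run is set; return the list of
    files that were (or would be) removed."""
    hits = find_genericons_examples(wp_root)
    if not dry_run:
        for rel in hits:
            (Path(wp_root) / rel).unlink()
    return hits


def demo():
    """Build a constructed WordPress-like tree in a temp dir, scan it,
    clean it, and scan again. Directory names are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Two bundled copies of the package that still carry example.html.
        for sub in ("wp-content/plugins/some-plugin/genericons",
                    "wp-content/themes/some-theme/genericons"):
            d = root / sub
            d.mkdir(parents=True)
            (d / VULNERABLE_FILE).write_text("<html>demo page</html>")
            (d / "genericons.css").write_text("/* icon font */")
        # A genericons copy with example.html already removed: not flagged.
        clean = root / "wp-content/plugins/clean-plugin/genericons"
        clean.mkdir(parents=True)
        (clean / "genericons.css").write_text("/* icon font */")
        # An example.html outside any genericons directory: not flagged.
        other = root / "wp-content/plugins/other-plugin"
        other.mkdir(parents=True)
        (other / VULNERABLE_FILE).write_text("<html>unrelated</html>")
        before = find_genericons_examples(root)
        removed = remove_genericons_examples(root, dry_run=False)
        after = find_genericons_examples(root)
        return before, removed, after
```

Run `find_genericons_examples("/path/to/wordpress")` against a real document root to list the files to remove; the dry-run default of `remove_genericons_examples` reports without deleting.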
