WordPress plugins or themes that leverage the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been found to be vulnerable. The exact count is difficult to determine, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
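
One way to audit an install for the file described above, as an added example (not code from the advisory or from the genericons project): it walks a `wp-content` directory and reports each plugin or theme that ships an `example.html` somewhere under a `genericons` directory. The sample tree is constructed, its paths are hypothetical, and the function names are assumptions of this example.

```python
import os
import tempfile
from pathlib import Path


def find_genericons_examples(wp_content):
    """Return sorted (kind, component, relative_path) for each bundled example.html."""
    root = Path(wp_content)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        parts = [p.lower() for p in rel_dir.parts]
        # Only flag example.html that sits somewhere under a "genericons" directory.
        if "genericons" not in parts:
            continue
        for name in files:
            if name.lower() != "example.html":
                continue
            # The first two path segments identify the owner, e.g. plugins/<name>.
            kind = rel_dir.parts[0] if len(rel_dir.parts) > 1 else "unknown"
            component = rel_dir.parts[1] if len(rel_dir.parts) > 1 else rel_dir.parts[0]
            hits.append((kind, component, (rel_dir / name).as_posix()))
    return sorted(hits)


def build_constructed_tree(base):
    """Constructed sample layout (hypothetical paths, not taken from the advisory)."""
    layout = [
        "themes/sample-theme/genericons/example.html",
        "themes/sample-theme/genericons/genericons.css",
        "plugins/sample-plugin/assets/genericons/genericons/example.html",
        "plugins/other-plugin/docs/example.html",  # not under genericons: ignored
        "themes/clean-theme/genericons/genericons.css",  # package without the file
    ]
    for rel in layout:
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("<!-- constructed placeholder -->")
    return Path(base)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return find_genericons_examples(build_constructed_tree(tmp))


if __name__ == "__main__":
    for kind, component, rel in demo():
        print(f"{kind}/{component}: {rel}")
```

Pointing `find_genericons_examples` at a real `wp-content` directory lists every component that still ships the file, including copies nested inside a plugin's asset folders.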


