Wordpress vulnerability leaves millions of servers open to hacks | Cyber Criminals Most Wanted

WordPress vulnerability leaves millions of servers open to hacks

WordPress Plugins or themes that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

JetPack plugin and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.

Dell PowerEdge R630 Server | 2x E5-2680 v3 2.5GHz -24 Cores| 128GB RAM| 900GB HD

$512.99

Dell PowerEdge R720 Server | 2x E5-2650 v2 = 16 Cores | 128GB RAM | 4x Trays

$322.99

HP Proliant DL360p G8 Server | 2x E5-2680 2.7GHz =16 Cores | 96GB | 2x 300GB SAS

$163.99

HP Proliant DL360p G8 Server 2x 2670 2.6GHz = 16 Cores | 64GB | 2x 300GB SAS

$136.99

1U Supermicro server 2x Intel E5-2667 v2 16 core Turbo 4.0Ghz 2x 10G SFP+ 128GB

$249.00

HYVE ZEUS V1 1U SERVER 2x XEON TEN CORE E5-2660V2 2.2GHz 64GB RAM NO HDD

$156.00

HP Proliant DL380p G8 Server | 2x E5-2609 V2 2.5GHz =8 Cores | 16GB RAM | No HDD

$104.99

Dell PowerEdge R620 Server 2x E5-2670 V2 2.5GHz = 20 Cores 64GB H310 4x 1TB SATA

$239.99

Supermicro 2U Server 8 HD Bay 3.5 LFF E ATX Storage Chassis TQ Direct Connect

$175.00

Dell PowerEdge R630 Server 10-Bay 2x E5-2667v4

$305.00

By cyber|May 7th, 2015|Cyber News|0 Comments