Wordpress vulnerability leaves millions of servers open to hacks | Cyber Criminals Most Wanted

WordPress vulnerability leaves millions of servers open to hacks

WordPress Plugins or themes that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

JetPack plugin and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.

Dell PowerEdge R620 Server | 2x 2680 V2 2.8GHz = 20 Cores | 96GB | 2x 1TB SAS

$334.40

Dell PowerEdge R620 Server | 2x E5-2680 V2 2.8GHz =20 Cores | 128GB | 2x 1TB SAS

$353.60

Dell PowerEdge R620 Server 2x E5-2660v2 10C (20 Cores Total) 96GB 2x 1TB w/ Raid

$247.00

Supermicro 2U Server 8 HD Bay 3.5 LFF E ATX Storage Chassis TQ Direct Connect

$199.00

Supermicro 36-Bay 4U SuperStorage Server SSG-6047R-E1R36L 64GB RAM 2X E5-2609V2

$399.99

Dell Poweredge R620 2x E5-2670 2.6ghz 16-Cores / 32gb / H710 / 2x Trays / 750w

$89.99

Dell PowerEdge R710 2U Server 2x X5660 2.80GHZ 12-Core / 64gb / 2xTrays / Perc6i

$129.99

HP Proliant DL360p G8 Server | 2x E5-2680 2.7GHz =16 Cores | 32GB | 2x 300GB SAS

$141.99

1U Supermicro server 2x Intel E5-2667 v2 16 core Turbo 4.0Ghz 2x 10G SFP+ 128GB

$299.00

Supermicro 1U Server X10DRU-i+ 2x Xeon E5-2676 V3 ES 12 Core Procs 64GB DDR4 RAM

$334.00

By cyber|May 7th, 2015|Cyber News|0 Comments