WordPress plugins or themes that bundle the genericons package are vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability, caused by an insecure file (example.html) shipped with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) have been confirmed vulnerable. An exact count of affected sites is hard to establish, but both ship by default with millions of WordPress installations.

The root issue is in the genericons package itself, so any plugin or theme that uses it is potentially vulnerable if it ships the example.html file that comes with the package.
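Because the problem is the presence of example.html rather than a specific plugin version, a practical check is to search the wp-content tree for copies of that file under any genericons directory and remove them. The following script is an added example, not part of the advisory or of any WordPress project code; the directory names it creates in its demo tree (jetpack, twentyfifteen, other) are constructed for illustration and are not a claim about real install paths.

```shell
#!/bin/sh
# Added example (not from the advisory): find copies of genericons'
# example.html under a WordPress wp-content tree and optionally remove them.
# Usage: find_genericons_example <wp-root>    prints matching paths, one per line
#        remove_genericons_example <wp-root>  deletes every match

find_genericons_example() {
    # $1 is the WordPress root; plugins and themes both live under wp-content.
    # Only example.html files that sit somewhere below a genericons directory
    # are reported, so unrelated example.html files are left alone.
    find "$1/wp-content" -type f -name 'example.html' -path '*genericons*' 2>/dev/null
}

count_genericons_example() {
    find_genericons_example "$1" | wc -l | tr -d ' '
}

remove_genericons_example() {
    find "$1/wp-content" -type f -name 'example.html' -path '*genericons*' \
        -exec rm -f {} + 2>/dev/null
}

# Constructed demo tree (not a real install) so the script runs stand-alone.
# It contains two genericons copies of example.html and one unrelated
# example.html that must survive the cleanup.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/plugins/jetpack/_inc/genericons/genericons" \
             "$root/wp-content/themes/twentyfifteen/genericons" \
             "$root/wp-content/themes/other/css"
    : > "$root/wp-content/plugins/jetpack/_inc/genericons/genericons/example.html"
    : > "$root/wp-content/themes/twentyfifteen/genericons/example.html"
    : > "$root/wp-content/themes/other/css/example.html"
    printf '%s\n' "$root"
}

# Stand-alone run: build the demo tree, list matches, clean up, list again.
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_demo_tree)
    echo "before: $(count_genericons_example "$demo") file(s)"
    find_genericons_example "$demo"
    remove_genericons_example "$demo"
    echo "after: $(count_genericons_example "$demo") file(s)"
    rm -rf "$demo"
fi
```

Run it against a real install as `find_genericons_example /var/www/html` first and review the list before deleting; the file is never needed at runtime, so removing it does not affect the plugin or theme, but a plugin or theme update that bundles the same package will bring it back unless the package itself has been fixed.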
