WordPress plugins or themes that leverage the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) were found to be vulnerable. The exact count of affected sites is difficult to determine, but both the plugin and the theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
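
To audit an install for the condition described above, the following added example (not code from the genericons package or from WordPress) walks `wp-content` and reports each plugin or theme that ships an `example.html` inside a genericons directory. It assumes bundled copies live in a directory whose name contains "genericons"; the plugin and theme names in the sample tree are constructed.

```python
import os
import tempfile

def find_genericons_examples(wp_root):
    """Return sorted (component, relative_path) pairs for every example.html
    that sits inside a directory whose name contains 'genericons'."""
    hits = []
    content = os.path.join(wp_root, "wp-content")
    for dirpath, _dirnames, filenames in os.walk(content):
        rel_dir = os.path.relpath(dirpath, content)
        parts = rel_dir.split(os.sep)
        # Assumption: a bundled copy keeps the package name in its directory name.
        if not any("genericons" in p.lower() for p in parts):
            continue
        for name in filenames:
            if name.lower() == "example.html":
                # parts[0] is "plugins" or "themes", parts[1] the component name.
                component = "/".join(parts[:2]) if len(parts) >= 2 else rel_dir
                rel_path = "/".join(parts + [name])
                hits.append((component, rel_path))
    return sorted(hits)

def build_constructed_site(root):
    """Create a constructed sample tree (hypothetical plugin and theme names)."""
    layout = [
        "wp-content/themes/sample-theme/genericons/example.html",
        "wp-content/themes/sample-theme/genericons/genericons.css",
        "wp-content/plugins/sample-plugin/assets/Genericons/example.html",
        "wp-content/plugins/other-plugin/docs/example.html",  # unrelated file
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")

def demo():
    """Run the scan over the constructed tree and return its findings."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_site(root)
        return find_genericons_examples(root)

if __name__ == "__main__":
    for component, path in demo():
        print(f"{component}: wp-content/{path}")
```

On a real site, call `find_genericons_examples()` with the WordPress root directory; every path it returns is a copy of the file that should not be reachable from the web.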


