Wordpress vulnerability leaves millions of servers open to hacks | Cyber Criminals Most Wanted

WordPress vulnerability leaves millions of servers open to hacks

WordPress Plugins or themes that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

JetPack plugin and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.

DELL PowerEdge R730 Server 2x E5-2690v3 2.6GHz =24 Cores 32GB H730 4xRJ45

$294.00

DELL PowerEdge R630 8SFF Server 2x E5-2690v4 2.6GHz =28 Cores 128GB H730 4xRJ45

$412.00

DELL PowerEdge R630 8SFF Server 2x E5-2680v3 2.5GHz =24 Cores 32GB H730 4xRJ45

$260.00

New Supermicro 1U Server X10SRW-F Xeon E5-2690 v4 2.6Ghz / 64GB / Rails

$349.99

HP Proliant MicroServer Gen8 XeonDC 2.3GHz NO HD 8GB DDR3 No Cover/Caddies

$79.99

Supermicro 4U 36 Bay TRUNAS Storage Server Xeon 20 Core 3Ghz 256GB X540 10GBaseT

$588.00

Dell R730XD 24xSFF Server 2x HS, 2x 1100W, H730, Enterprise- Wholesale Custom

$265.00

Dell PowerEdge R720XD Xeon E5-2680 V2 2.8GHz 20 Cores 256GB RAM 12x4TB

$599.95

DELL PowerEdge R730 16SFF Server 2x E5-2680v3 2.5GHz =24 Cores 64GB H730 4xRJ45

$322.00

Dell Poweredge R630 2x Xeon E5-2690 v4 2.6ghz 28-Cores / 128gb / H730 / iDracEnt

$294.99

By cyber|May 7th, 2015|Cyber News|0 Comments