Wordpress vulnerability leaves millions of servers open to hacks | Cyber Criminals Most Wanted

WordPress vulnerability leaves millions of servers open to hacks

WordPress Plugins or themes that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

JetPack plugin and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.

Windows Server 2022 Datacenter activation license

$23.00

Chenbro SR301 Series 4-Bay Compact SOHO Server Chassis w/ 250W PSU | SR30169

$129.00

Dell Poweredge R410 2 X SIX CORE 2.40GHZ E5645 32GB RAM 500GB HHD SERVER QTY

$159.99

HPE ProLiant EC200a Mini Server, Xeon D1518 2.2GHz CPU

$199.00

Dell PowerEdge R720xd Server | 2x E5-2680 2.7Ghz = 16 Cores | 48GB | 4x 2TB SAS

$550.00

HYVE Openrack OCP 1U Server Intel Xeon 16 Core 2.0Ghz 64GB Ram 500GB 10GB SFP+

$199.00

HP Proliant DL380p G8 Server 2x E5-2670 2.6ghz 16-Cores / 16GB / P420 / 2x 460w

$84.99

Dell R210 II Server Intel CPU E31220 3.10GHz 8GB (2x4GB)RAM NO HDD Riverbed

$119.99

Dell Poweredge R720 3.5" 2x E5-2680 2.7ghz 16-Cores 64gb H710 8x Trays 2x750w

$384.99

Supermicro 2U Server 8 HD Bay 3.5 LFF E ATX Storage Chassis TQ Direct Connect

$199.00

By cyber|May 7th, 2015|Cyber News|0 Comments