Wordpress vulnerability leaves millions of servers open to hacks | Cyber Criminals Most Wanted

WordPress vulnerability leaves millions of servers open to hacks

WordPress Plugins or themes that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

JetPack plugin and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.

Supermicro 1U Server 10 BAY SFF 2x Xeon E5-2667 v2 3.30Ghz 128GB 2x 10GBase-T

$364.00

Dell PowerEdge R510 Server 2X 2.80GHz 6 Cores 32 GB 36TB Storage Linux

$265.00

Dell PowerEdge R720 Server / 2x E5-2670 V2 =20 Cores / 128GB RAM / 4x Trays

$558.40

1U Supermicro Firewall Router Jumpbox 6x 10GB Ethernet E3-1270 V3 8GB Dual PS

$199.00

Dell Poweredge R410 2 X SIX CORE 2.40GHZ E5645 32GB RAM 500GB HHD SERVER QTY

$159.99

HPE ProLiant EC200a Mini Server, Xeon D1518 2.2GHz CPU

$199.00

Dell PowerEdge R620 1U Server - 2X E5-2630 Hex Core/64GB/H310 RAID/2X 300GB SAS

$174.99

Dell PowerEdge R720xd Server 2x E5-2680 2.7Ghz 16-Cores 64gb H710 12x Trays

$329.99

Supermicro 2U Server 8 HD Bay 3.5 LFF E ATX Storage Chassis TQ Direct Connect

$199.00

Dell PowerEdge T610 Tower Server - CTO Wholesale Custom to Order

$180.19

By cyber|May 7th, 2015|Cyber News|0 Comments