WordPress plugins or themes that use the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) because of an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) were found to be vulnerable. The exact count is difficult to determine, but both the plugin and the theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.
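To check an install for the condition described above, the following added example (not code from the original advisory or from the genericons project) walks `wp-content/plugins` and `wp-content/themes` and lists every `example.html` that sits under a directory named `genericons`, so each copy can be reviewed. The directory name match and the sample folder names are assumptions made for illustration.

```python
import os
import sys
import tempfile


def find_genericons_examples(wp_root):
    """Return sorted (kind, component, relative_path) for each example.html under a genericons dir."""
    hits = []
    for kind in ("plugins", "themes"):
        base = os.path.join(wp_root, "wp-content", kind)
        for dirpath, _dirs, files in os.walk(base):
            rel_dir = os.path.relpath(dirpath, base)
            parts = rel_dir.split(os.sep)
            # Assumption: the bundled package lives in a directory named "genericons".
            if "genericons" not in (p.lower() for p in parts):
                continue
            for name in files:
                if name.lower() == "example.html":
                    # parts[0] is the plugin or theme folder that ships the file.
                    hits.append((kind, parts[0], os.path.join(rel_dir, name)))
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed wp-content layout for the demo; all folder names are made up."""
    for rel in (
        "wp-content/themes/sample-theme/genericons/example.html",
        "wp-content/plugins/sample-plugin/assets/genericons/example.html",
        "wp-content/plugins/other-plugin/docs/example.html",  # not under genericons
        "wp-content/themes/sample-theme/genericons/genericons.css",
    ):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Scan the WordPress root given on the command line.
        results = find_genericons_examples(sys.argv[1])
    else:
        # No argument: run against the constructed sample tree.
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            results = find_genericons_examples(tmp)
    for kind, component, rel_path in results:
        print(f"{kind}/{component}: wp-content/{kind}/{rel_path}")
```

Pass the WordPress root directory as the first argument to scan a real install; with no argument the script runs against the constructed sample tree.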


