Wordpress vulnerability leaves millions of servers open to hacks | Cyber Criminals Most Wanted

WordPress vulnerability leaves millions of servers open to hacks

WordPress Plugins or themes that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons.

JetPack plugin and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.

DELL PowerEdge R730 Server 2x E5-2680v4 2.4GHz =28 Cores 128GB H730 4xRJ45

$343.00

Dell R640 8x 2.5" SFF iDRAC 2x 25GbE SFP28- Wholesale Custom Build Your Server

$269.99

2U 12 Bay Supermicro 6028U-TR4T+ w/ X10DRU-i+ Wholesale Custom Build Your Server

$269.99

Supermicro 2U 6028R-E1CR24N 24x LFF- Wholesale Build Your Own Storage Server

$269.99

Dell PowerEdge R630 Server 2x E5-2697v3 2.60Ghz 28-Core 128GB H730P Rails

$295.00

HP ProLiant MicroServer Gen8 Server 12gb RAM I3-3240 NO HDD/OS

$157.49

DELL POWEREDGE T430 Tower Sever XEON E5-2620 V3 @ 2.4GHz, 64GB RAM, NO HDD/OS

$329.95

Dell PowerEdge R730xd Server 2x E5-2697v3 2.60Ghz 28-Core 128GB H730P Rails

$437.90

Dell EMC PowerEdge R640 8x SFF Platinum CPU Wholesale Custom Build Your Server

$671.99

Dell R640 8x 2.5" SFF Server iDRAC - Wholesale Custom Build Your Server

$270.99

By cyber|May 7th, 2015|Cyber News|0 Comments