05-07-2015, 09:10 AM
MrGusMuller
[!] - WordPress - JetPack, TwentyFifteen and others

Quote:
Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. So far, the JetPack plugin (reported to have over 1 million active installs) and the TwentyFifteen theme (installed by default) are found to be vulnerable.
...

Quote:
but if you do not have a WAF or IPS protecting your site, we highly recommend removing the example.html from inside the genericons directory.
https://blog.sucuri.net/2015/05/jetp...based-xss.html
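The mitigation quoted above (removing example.html from inside the genericons directory) can be checked across a whole install with a small script. This is an added example, not part of the original post or the Sucuri advisory; the function names and the ROOT argument are assumptions, and it matches on the path pattern only.

```sh
#!/bin/sh
# Added example (not from the post or the advisory): find and optionally remove
# the genericons example.html that the quoted advisory recommends deleting.

# Print every example.html located directly inside a directory named "genericons".
find_genericons_examples() {
    find "$1" -type f -path '*/genericons/example.html' 2>/dev/null | sort
}

# remediate_genericons ROOT [--delete]
# Default is a dry run that only reports; --delete removes each match.
# ROOT is an assumption: pass the absolute path of the web root or wp-content.
remediate_genericons() {
    rg_root=$1
    rg_mode=${2:-report}
    rg_count=0
    rg_hits=$(find_genericons_examples "$rg_root")
    while IFS= read -r rg_file; do
        [ -n "$rg_file" ] || continue   # an empty result still yields one blank line
        rg_count=$((rg_count + 1))
        if [ "$rg_mode" = "--delete" ]; then
            rm -f -- "$rg_file" && echo "removed: $rg_file"
        else
            echo "found: $rg_file"
        fi
    done <<EOF
$rg_hits
EOF
    echo "total: $rg_count"
}

# Run only when a path is supplied, e.g.: sh genericons-check.sh /var/www/html --delete
if [ "$#" -gt 0 ]; then
    remediate_genericons "$@"
fi
```

Run it without --delete first to review the matches; other genericons files (fonts, CSS) and any example.html outside a genericons directory are left alone.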