• Please read this article by David Dede for more information.

    You should delete the example.html file in the plugin directory.
    ../_inc/genericons/example.html

    I am not sure if this example.html of genericons has the same security problem, but I think it is better to delete it.

    If you have installed WordPress 4.2.2 already, the problem should be fixed. “The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today (07/05/2015) by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it.”

    https://wordpress.org/plugins/slimjetpack/

Viewing 1 replies (of 1 total)
  • The topic ‘Plugin maybe Vulnerable to DOM-based XSS’ is closed to new replies.
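
A scan and optional cleanup for the file named in the reply above, as an added example that is not part of the original thread and is not WordPress's own scanner. The function names and the default `./wp-content` root are assumptions; pass the real path of your installation.

```shell
#!/bin/sh
# Added example (not from the thread): locate and remove the Genericons
# example.html file under a WordPress content directory.
# Assumption: the default root ./wp-content; pass your own path as $1.

# List every example.html that sits directly inside a directory named
# "genericons", at any depth below the root (plugins, themes, mu-plugins).
# Other files called example.html are left out of the result.
find_genericons_example() {
    root=${1:-./wp-content}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type f -path '*/genericons/example.html' -print
}

# Delete the files reported by find_genericons_example and print how many
# were removed. Paths containing newlines are not handled.
remove_genericons_example() {
    root=${1:-./wp-content}
    find_genericons_example "$root" | {
        removed=0
        while IFS= read -r f; do
            rm -f -- "$f" && removed=$((removed + 1))
        done
        echo "$removed"
    }
}
```

Run `find_genericons_example /path/to/wp-content` first to review the hits, then `remove_genericons_example` on the same path; re-run the scan after plugin or theme updates, since a bundled copy can come back with a reinstall.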