Bobcares

How To Protect WordPress Site from the Genericons XSS Vulnerability

by | Oct 7, 2020

Do you want to protect your WordPress site from the Genericons XSS vulnerability? We can help you with it.

Here at Bobcares, we have seen several such WordPress queries as part of our Server Management Services for web hosts, WordPress users, and online service providers.

Today we’ll take a look at how to protect a WordPress website from this vulnerability.

Know more about Genericons XSS Vulnerability

Genericons is a font package, and the vulnerability lies in that package. It ships with the “TwentyFifteen” theme, which is installed and enabled in WordPress by default. The vulnerability also affected one of the most popular plugins, “Jetpack”.

Specifically, the vulnerability is in a single file, example.html, that is included in the Genericons package. This file was included to showcase the font. So, any theme or plugin that used the more modern versions of the “Genericons” package without removing this file was vulnerable.

How to overcome the Genericons XSS Vulnerability issue

Now let’s see how our Support Engineers assist our customers in getting rid of this vulnerability.

1. If you have installed or updated your WordPress version, then you should be secure.

2. But if your WordPress version is lower than 4.2.2, your website might be vulnerable. In that case, update WordPress to a higher version.

Also, you can go to the server’s document root and search for the example.html file. To do that, run the command below in the server’s document root.

$ find . -path "*/genericons/example.html"

For instance, the output will be as below.

./wp-content/themes/twentythirteen/genericons/example.html
./wp-content/themes/twentyfifteen/genericons/example.html
./wp-content/themes/twentyfourteen/genericons/example.html

This confirms that the example.html files are present, including within the TwentyFifteen theme. This indicates that the website is vulnerable, so you need to remove these files.

You can remove them directly by running,

$ sudo find . -path "*/genericons/example.html" -exec rm -f {} \;

Then, you can check whether any of the files still exist by running,

$ find . -path "*/genericons/example.html"

Now, no example.html files should be present.

3. Consider upgrading the themes and plugins.
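
The find-and-remove steps above can be wrapped into a repeatable check. This is an added example, not part of the original article: it reports by default, deletes only when passed --remove, and returns a non-zero status when files are found, so it can be run again after theme or plugin updates. The function names, the --remove flag, the script name and the /var/www/html path are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# --remove flag are this example's own.

# Print every */genericons/example.html under ROOT, one path per line.
genericons_scan() {
    find "$1" -type f -path '*/genericons/example.html' 2>/dev/null
}

# Print how many such files exist under ROOT.
genericons_count() {
    genericons_scan "$1" | wc -l | tr -d ' '
}

# genericons_audit ROOT [--remove]
# Returns 0 = clean, 1 = files found (report only), 2 = removal incomplete,
# 3 = ROOT is not a directory.
genericons_audit() {
    root=$1
    mode=${2:-report}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 3; }

    found=$(genericons_count "$root")
    if [ "$found" -eq 0 ]; then
        echo "OK: no genericons/example.html under $root"
        return 0
    fi
    echo "FOUND $found file(s):"
    genericons_scan "$root" | sed 's/^/  /'
    [ "$mode" = "--remove" ] || return 1   # report only: cleanup still needed

    # -exec passes paths as arguments, so names with spaces are safe.
    find "$root" -type f -path '*/genericons/example.html' -exec rm -f -- {} +
    left=$(genericons_count "$root")
    if [ "$left" -ne 0 ]; then
        echo "FAILED: $left file(s) still present (check permissions)" >&2
        return 2
    fi
    echo "REMOVED $found file(s); rescan is clean"
}

# Run only when a document root is given, e.g.: sh audit.sh /var/www/html
if [ "$#" -gt 0 ]; then
    genericons_audit "$@"
fi
```

Only files named example.html directly inside a genericons directory are matched, so other example.html files in themes or plugins are left alone.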


Conclusion

Today, we discussed the Genericons XSS Vulnerability and saw how to protect the WordPress Site from it.
