The Small Business Website Guy


May 7, 2015 by John

Genericons Security Flaw in WordPress

Another round of updates was released today because of a Genericons security flaw in WordPress themes and plugins. WordPress was updated to version 4.2.2 to deal with this issue proactively instead of waiting for theme and plugin authors to update their products.

So What’s A “Genericons”?

Genericons is an icon font package that is used in quite a few plugins and themes built for WordPress. The package includes an HTML file that the font does not need in order to work, and that file contains a cross-site scripting (XSS) vulnerability. This is the same type of flaw that was discovered a week or so ago and patched in a number of plugins and even WordPress itself.

What Do I Need To Do?

If you are in my Website Management Program, you don't need to do anything. All updates have been applied.

Otherwise, you need to log in to your WordPress site and apply any updates ASAP. Applying the WP 4.2.2 patch is especially important because it searches for and removes the flawed HTML file during the install process. This helps to alleviate the problem even if the author of a particular plugin or theme hasn’t posted a fix yet.
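
To confirm that nothing was left behind after updating, the following added example (not part of WordPress or of any plugin) lists every HTML file sitting inside an icon-font directory under wp-content. It assumes the package directory name contains "genericons" and that your find supports -ipath (GNU and BSD find do); the function names are made up for this example.

```shell
#!/bin/sh
# Added example: list HTML files that ship inside icon-font directories
# of a WordPress install so they can be reviewed after updating.
# Assumption: the package lives in a directory whose name contains
# "genericons"; pass another pattern as the second argument if it does not.

find_icon_font_html() {
    wp_root=$1
    pattern=${2:-genericons}

    if [ ! -d "$wp_root/wp-content" ]; then
        echo "error: $wp_root does not look like a WordPress root" >&2
        return 2
    fi

    # An icon font needs only font and CSS files. Any HTML file in the
    # same directory is a demo page the web server will serve directly.
    find "$wp_root/wp-content/themes" "$wp_root/wp-content/plugins" \
        -type f -ipath "*/*${pattern}*/*" \
        \( -iname '*.html' -o -iname '*.htm' \) -print 2>/dev/null | sort
}

# Returns 0 when the install is clean, 1 when files need review,
# 2 when the path is not a WordPress root (usable from cron/monitoring).
check_wp_site() {
    hits=$(find_icon_font_html "$@") || return $?
    if [ -n "$hits" ]; then
        printf 'Review or remove these files:\n%s\n' "$hits"
        return 1
    fi
    echo "No HTML files found in icon-font directories."
    return 0
}

# Run directly as: sh check-icon-font.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    check_wp_site "$@"
fi
```

Run it against each site's document root; it only reports, so deleting a listed file is left to you after you have confirmed the theme or plugin does not link to it.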

What Plugins or Themes Are Affected?

The two most prominent are the Jetpack plugin produced by WordPress and the Twenty Fifteen theme, which is the latest default WP theme included with the WordPress software package. There are literally millions of installs of these two products, so it is critical that everyone update them now.

Why Was WordPress Patched?

In addition to the proactive scan mentioned earlier, a comprehensive fix was put in place for the XSS vulnerability that exists in WP 4.2 and earlier versions. An additional fix for a potential XSS flaw in the Visual Editor was also implemented.

Kudos to the WordPress development team for getting these issues addressed and released quickly.

Keep those updates current, folks!

John Sawyer

Laptop image courtesy of Stuart Miles on FreeDigitalPhotos.net
