

Genericons XSS Vulnerability - How to Protect your WordPress Site

Are you trying to protect your WordPress Site from the Genericons XSS Vulnerability?

This guide is for you.


The Genericons XSS vulnerability in WordPress websites can leave your site open to cross-site scripting (XSS) attacks.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our customers with WordPress related queries.

In this context, we shall look into how to protect a WordPress website from this vulnerability.


More information about the Genericons XSS Vulnerability

Genericons is a font package, and the actual vulnerability lies in that package. It ships with the "TwentyFifteen" theme, which is installed and enabled in WordPress by default.

Moreover, this vulnerability also affected one of the most popular plugins, "Jetpack".

Specifically, the vulnerability is in a single file, example.html, that is shipped in the Genericons package. The file was included only to showcase the font.

So any theme or plugin that used the more recent versions of the "Genericons" package without removing this file was vulnerable.


How to prevent Genericons XSS Vulnerability issues?

1. If you have recently installed or updated WordPress, you are already protected.


2. But if you run a WordPress version older than 4.2.2, your website might be vulnerable. In that case, update WordPress to a newer version.

You can also go to the server's document root and search for the example.html file.

For that, type the following from the server's document root:

$ find . -path "*/genericons/example.html"

For instance, the output will be as below:

./wp-content/themes/twentythirteen/genericons/example.html
./wp-content/themes/twentyfifteen/genericons/example.html
./wp-content/themes/twentyfourteen/genericons/example.html

This confirms that example.html files are present in the bundled theme directories (here TwentyThirteen, TwentyFourteen and TwentyFifteen), which indicates that the website is vulnerable. So you need to remove these files.

You can remove them directly by running,

$ sudo find . -path "*/genericons/example.html" -exec rm -f {} \;

Then you can check whether any of the files still exist by running,

$ find . -path "*/genericons/example.html"

Now no example.html files should be present.


3. Consider upgrading the themes and plugins.


[Need urgent assistance in WordPress errors? – We're available to help you. ]


Conclusion

This article covered the Genericons XSS vulnerability and how to protect a WordPress site from it.

The Genericons package includes a file called example.html which has been found to be vulnerable to DOM-based XSS.

This package is included in various WordPress plugins and themes.

You can fix this issue by removing the example.html file located in the genericons directory.


The recommended way to patch your system is simply to upgrade WordPress. 

This will not only secure your system against this vulnerability, but also any other issues that may have been fixed.

If your permissions allow it, you can usually upgrade your installation using the admin panel update controls.

Although we highly recommend that you update WordPress completely (along with any affected themes or plugins), you can also delete the offending files manually.


To do so, log into your WordPress server and navigate to your document root directory.

You can remove the offending files by typing:

sudo find . -path "*/genericons/example.html" -exec rm -f {} \;

You can then check your directory structure again:

find . -path "*/genericons/example.html"

All of the example.html instances within a genericons directory should now be gone.
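Putting the version check and the file cleanup described above into one reusable script, as an added example that is not part of the original article: it assumes a POSIX shell with find, sed and awk, and the function names (list_genericons_examples, remove_genericons_examples, installed_wp_version, wp_version_is_patched, audit_wordpress) are my own.

```shell
#!/bin/sh
# Added example (not the article's own commands): audit a WordPress document
# root for the Genericons example.html file and optionally remove it.
# Assumes POSIX sh with find, sed and awk; the argument is the WordPress root.

# List every genericons/example.html below the document root, one per line.
list_genericons_examples() {
    find "$1" -path '*/genericons/example.html' -type f
}

# Delete every match; succeed only if a re-scan finds nothing left.
remove_genericons_examples() {
    find "$1" -path '*/genericons/example.html' -type f -exec rm -f {} \;
    [ -z "$(list_genericons_examples "$1")" ]
}

# Read $wp_version from wp-includes/version.php below the document root.
installed_wp_version() {
    sed -n "s/^[\$]wp_version *= *'\([^']*\)'.*/\1/p" "$1/wp-includes/version.php"
}

# Succeed if the version is 4.2.2 or later (the core release that fixed this),
# fail if it is older. Missing minor/patch components count as 0.
wp_version_is_patched() {
    printf '%s\n' "$1" | awk -F. '{
        v = $1 * 1000000 + $2 * 1000 + $3
        if (v >= 4002002) exit 0
        exit 1
    }'
}

# Report the core version and any vulnerable files; with REMOVE=1, delete them.
audit_wordpress() {
    ver="$(installed_wp_version "$1")"
    if wp_version_is_patched "$ver"; then
        echo "WordPress $ver: core is already at 4.2.2 or later"
    else
        echo "WordPress $ver: older than 4.2.2, update WordPress core"
    fi
    list_genericons_examples "$1" | sed 's/^/vulnerable file: /'
    if [ "${REMOVE:-0}" = 1 ]; then
        remove_genericons_examples "$1"
    fi
}
```

Source the file and run `audit_wordpress /path/to/docroot` to report only, or set `REMOVE=1` first to delete the files as well.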


Genericons includes a file called example.html which has been found to be vulnerable to attack at the Document Object Model (DOM) level.

Any WordPress plugin or theme that includes this file is open to an attack. 


To help combat this, we have done the following for VaultPress users:

1. We've deleted the file everywhere we can to proactively secure your site.

2. We've added it to our security scanner so that if there are any cases where we couldn't detect the file or couldn't delete it, you will still be notified if the file exists on your site. 

3. For users with sites where we couldn’t remove the file, we have personally emailed each of you with steps to remove the file and details about where the file is located.


Also, another important security update was released today for WordPress, version 4.2.2. Version 4.2.2 fixes several vulnerabilities that could allow your site to be compromised, including the Genericons vulnerability.