This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Samuel Sidler reports :
The Genericons icon font package, which is used in a number of popular
themes and plugins, contained an HTML file vulnerable to a cross-site
scripting attack. All affected themes and plugins hosted on
WordPress.org (including the Twenty Fifteen default theme) have been
updated today by the WordPress security team to address this issue by
removing this nonessential file. To help protect other Genericons
usage, WordPress 4.2.2 proactively scans the wp-content directory for
this HTML file and removes it. Reported by Robert Abela of Netsparker.

WordPress versions 4.2 and earlier are affected by a critical
cross-site scripting vulnerability, which could enable anonymous users
to compromise a site. WordPress 4.2.2 includes a comprehensive fix for

The release also includes hardening for a potential cross-site
scripting vulnerability when using the visual editor. This issue was
reported by Mahadev Subedi.
See also :
Update the affected packages.
Risk factor :