Millions of WordPress Websites Affected By Plugin Vulnerability

Recent reports from web security firm Sucuri reveal a WordPress plugin vulnerability affecting all websites that use the genericons package.

Over one million sites that use the TwentyFifteen theme and JetPack plugin are vulnerable. In fact, any plugin that includes example.html is vulnerable, as this file comes with the genericons package.

How to fix WordPress Genericons Package Vulnerability:
It is really easy to fix the genericons package vulnerability. You just need to remove the example.html file from the genericons package, as this is an unnecessary file.

Sucuri detected this vulnerability even before it was disclosed. Due to the quick response time, this vulnerability has low severity.

Let's see some more technical details of the genericons package vulnerability:

Here is the list of hosts that have rolled out the virtual patch:

  •     ClickHost
  •     DreamHost
  •     GoDaddy
  •     HostPapa
  •     Inmotion
  •     Pressable
  •     Pagely
  •     WPEngine
  •     SiteGround
  •     Site5
  •     Websynthesis

If your website is hosted on one of these hosting providers, you need not worry about the genericons package vulnerability. But if your website is hosted with a different provider, you have to fix this issue manually. I personally recommend that you remove example.html from the genericons directory to secure your site.
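
The manual fix described above, as an added example that is not part of the original post: a POSIX shell script that lists every example.html sitting directly inside a genericons directory under a WordPress install and deletes it only when --apply is given. The function names and the --apply flag are assumptions made for this example; the path you pass is your own install root.

```shell
#!/bin/sh
# Added example (not from the original article).
# Usage (flag name is an assumption of this example):
#   sh fix-genericons.sh /path/to/wordpress           # dry run, lists matches
#   sh fix-genericons.sh /path/to/wordpress --apply   # deletes the matches

# find_genericons_examples ROOT
# Prints each example.html whose parent directory is named genericons
# (or Genericons). Other example.html files are deliberately not matched.
find_genericons_examples() {
    find "$1" -type f -path '*/[Gg]enericons/example.html' 2>/dev/null | sort
}

# remove_genericons_examples ROOT [--apply]
# Without --apply, only reports what would be deleted, so the list can be
# reviewed first. Assumes file paths contain no newline characters.
remove_genericons_examples() {
    root="$1"
    mode="${2:-}"
    find_genericons_examples "$root" | while IFS= read -r f; do
        if [ "$mode" = "--apply" ]; then
            rm -f -- "$f" && echo "removed: $f"
        else
            echo "would remove: $f"
        fi
    done
}

# Run only when the script is called with arguments.
[ "$#" -eq 0 ] || remove_genericons_examples "$@"
```

Theme and plugin updates can ship the genericons package again, so re-run the dry run after updating to confirm the file has not returned.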