halcyon220 wrote:
paulojunior85 wrote:
The problem affects the TwentyFifteen theme, installed by default, and the Jetpack plugin, which has more than one million installations.
The focus is the WordPress "genericons" package, which WordPress add-ons use and which comes with an unsafe file, leaving the site open to cross-site scripting vulnerabilities. If a hacker manages to deceive a user into clicking on a malicious link, he can acquire full control of said user's site.
Fortunately, the fix for the problem is simple: just remove the genericons file "example.html" from any instance in your WordPress.
How do you know this?
I have a friend who knows a lot about computers, WordPress and many other things, and one day he told me about this.
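The fix described in the quoted post (removing "example.html" from every genericons copy), as an added example that is not part of the original thread. The function names are hypothetical, and it assumes each copy sits in a directory named "genericons" and that `find` supports `-ipath` (GNU and BSD find do).

```sh
#!/bin/sh
# Added example: audit a WordPress tree for genericons/example.html and
# optionally delete every copy. Themes and plugins can each bundle their own
# genericons directory, so the whole tree is searched, not one fixed path.

# List every example.html whose parent directory is named "genericons"
# (case-insensitive). Other example.html files are left alone.
find_genericons_examples() {
    find "$1" -type f -ipath '*/genericons/example.html' -print
}

# Delete the same set of files, printing each path that was removed.
# -exec passes the path directly to rm, so odd characters in paths are safe.
remove_genericons_examples() {
    find "$1" -type f -ipath '*/genericons/example.html' \
        -exec rm -f -- {} \; -print
}

# Usage: ./genericons-check.sh /path/to/wordpress            (report only)
#        ./genericons-check.sh /path/to/wordpress --delete   (remove files)
if [ "$#" -ge 1 ]; then
    if [ "${2:-}" = "--delete" ]; then
        remove_genericons_examples "$1"
    else
        find_genericons_examples "$1"
    fi
fi
```

Run it in report mode first and re-run after theme or plugin updates, since an update can restore the file.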








