Vulnerability Overview - A criticalWordPress bug was disclosed on May 6th, 2015, affecting the "Genericons" icon font package, leading to potential cross-site scripting (XSS) attacks. Vulnerability Impact - The Genericons package's file introduces a vulnerability that could allow DOM-based cross-site scripting if a user clicks a specially crafted link while logged into their WordPress installation. Checking for Vulnerability - YourWordPress instance may be vulnerable if it was installed before and not updated to version 4.2.2. - The presence of an file under the TwentyFifteen theme directory or any plugin using Genericons signals vulnerability. Linux command: Patching Instructions - UpdateWordPress to the latest version. - Manually delete the offending file: