EasyEngine fix for Genericons XSS Vulnerability

An XSS vulnerability has been discovered in the Genericons library, which is present in the default WordPress theme TwentyFifteen as well as the famous Jetpack plugin. More details can be found on WPTavern and Sucuri.

The easiest way to fix this is to upgrade your WordPress sites to 4.2.2. If for some reason you can't do that, you can add the following code to your nginx config:

# Refuse requests for the Genericons example.html file (case-insensitive match)
location ~* /example.html {
    deny all;
}

EasyEngine Users

We have added this code to EasyEngine v3.1.4.

Existing users simply need to run the following update command to get the latest version of EasyEngine:

ee update

This one command will forbid access to the affected example.html files on your server.

You need to run the above command once to fix this for all WordPress sites on your server.
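To see which sites on a server still carry the file, and to confirm the deny rule is in effect after the update, a check along these lines can be used. This is an added example, not part of the original post or of EasyEngine; the function names are hypothetical, and the document root and base URL are values you supply.

```shell
#!/bin/sh
# Added example (not EasyEngine code): locate Genericons example.html files
# under a document root and optionally confirm the server refuses them.

# Print each example.html directly inside a "genericons" directory (any case).
list_genericons_examples() {
    find "$1" -type f -iname 'example.html' 2>/dev/null |
        grep -i '/genericons/example\.html$' | sort
}

# Map file path $2 to the URL path it is served under, given docroot $1.
url_path_for() {
    root=${1%/}
    printf '%s\n' "${2#"$root"}"
}

# Print the HTTP status for URL $1 (needs curl and a reachable server).
http_status() {
    curl -s -o /dev/null -w '%{http_code}' "$1"
}

# audit DOCROOT [BASE_URL]
# Without BASE_URL: list affected files as URL paths.
# With BASE_URL: request each one; "deny all" should answer 403.
# Exit status is 1 if any file was answered with something other than 403.
audit() {
    list_genericons_examples "$1" | (
        rc=0
        while IFS= read -r f; do
            p=$(url_path_for "$1" "$f")
            if [ -z "${2:-}" ]; then
                echo "FOUND $p"
                continue
            fi
            code=$(http_status "${2%/}$p") || true
            if [ "$code" = "403" ]; then
                echo "BLOCKED $p"
            else
                echo "SERVED($code) $p"; rc=1
            fi
        done
        exit "$rc"
    )
}

# Run only when arguments are given: ./audit.sh DOCROOT [BASE_URL]
if [ "$#" -ge 1 ]; then audit "$@"; fi
```

Run it once per site's document root; a `SERVED` line means the file is still reachable and the nginx rule is not being applied to that site.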

Links: EasyEngine Home | Release Notes
