Late yesterday evening, WordPress core released an update (4.2.2) to address an issue with Genericons. While WordPress does not include Genericons within the core files, many plugins and themes do. Recently, Sucuri identified a XSS (Cross Site Scripting) vulnerability within Genericons. A file (example.html) was left in the production version and is a security risk. Most hosting companies were notified over a week ago and patches were applied accordingly (our servers at InMotion have been patched for over a week). JetPack and the 2015 theme were both vulnerable and patched yesterday. Since many themes and plugins were using Genericons icon package, WordPress decided to be proactive and apply a fix to core. WordPress scans the wp-content folder. If it finds the example.html file is will remove it. If you haven’t updated WordPress already please do so now.
InMotion Hosting was founded in 2001 and provides personal and business web hosting for everyone! For more information about InMotion Hosting and the services we provide see here:
Publisher: InMotion Hosting
You can watch this video also at the source.