How to fix WordPress Genericons Vulnerability

A critical WordPress bug (the WordPress Genericons vulnerability) was disclosed that affects millions of users. Components that use the Genericons font package cause this vulnerability, which can leave your site open to XSS attacks.

The “Genericons” font package is used by the “TwentyFifteen” theme, which is installed in WordPress by default. The issue is caused by a file, example.html, that is included in the Genericons package. That means any theme or plugin that uses the Genericons package is vulnerable as long as the example.html file is present. You should remove this file to make the website secure. Also, websites running WordPress 4.2.2 are free from the WordPress Genericons vulnerability.

You can either update WordPress to version 4.2.2 or delete the example.html file to fix the WordPress Genericons vulnerability. You can delete the example.html files on the server by using the following commands.

Go to the server’s document root (for example, /home for cPanel and /var/www/vhosts for Plesk) and run:

find . -path "*/genericons/example.html"

Example output:


Run the following command to remove the example.html file.

find . -path "*/genericons/example.html" -exec rm -f {} \;

Verify the files are not present on the server by running the first command again.

find . -path "*/genericons/example.html"

That’s it!!
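
The three steps above combined into one script, as an added example that is not part of the original post: it lists the matches first, deletes only when passed --delete, and re-scans so that a leftover copy produces a non-zero exit status. The function names are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: audit, remove and re-check genericons/example.html
# under a document root. Function names are hypothetical.

# Print every genericons/example.html (regular file or symlink) under $1.
genericons_find() {
    find "$1" \( -type f -o -type l \) -path "*/genericons/example.html" -print
}

# Print the number of matches under $1 (assumes no newlines in paths).
genericons_count() {
    genericons_find "$1" | wc -l | tr -d ' '
}

# Usage: genericons_fix ROOT [--delete]
# Without --delete this is a dry run that only reports what was found.
# Returns 0 when no example.html remains, 1 when some remain, 2 on bad input.
genericons_fix() {
    gf_root=$1
    gf_mode=${2:-}
    [ -d "$gf_root" ] || { echo "not a directory: $gf_root" >&2; return 2; }

    gf_before=$(genericons_count "$gf_root")
    echo "found $gf_before file(s) under $gf_root"
    genericons_find "$gf_root"

    if [ "$gf_mode" = "--delete" ] && [ "$gf_before" -gt 0 ]; then
        # Same match as the listing, so only the reported files are removed.
        find "$gf_root" \( -type f -o -type l \) \
            -path "*/genericons/example.html" -exec rm -f -- {} +
    fi

    # Verification pass: repeat the search after the removal.
    gf_after=$(genericons_count "$gf_root")
    echo "remaining: $gf_after"
    [ "$gf_after" -eq 0 ]
}

# Run only when arguments are given, e.g.: ./genericons_fix.sh /var/www/vhosts --delete
if [ "$#" -gt 0 ]; then
    genericons_fix "$@"
fi
```

Run it without --delete first to review the list, then again with --delete; the exit status can be checked from cron or a deployment script.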
