Genericons and Theme Updates

Earlier today, the coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. security team shipped new versions of a number of themes that were vulnerable to a cross-site scripting issue due to shipping a Genericons example file. This was in conjunction with WordPress 4.2.2 but happened hours prior to it shipping. This is the first time we’ve updated themes without notifying the theme authors ahead of time, so I wanted to make sure that we let you know that it happened and answer any question you have.

Note: Among the themes updated was Twenty Fifteen due to the same vulnerability.

If you have any questions, feel free to ask and I’ll do my best to respond to them.