A WordPress cross site vulnerability has been reported for any theme or plugin using the genericons package.
Almost all WordPress sites have the genericons package installed with included WordPress theme TwentyFifteen the any sites that have installed the JetPack plugin.
All users are advised to update WordPress framework, themes, and plugins as soon as a security patch is released.
If you are unable to update, you can patch your WordPress site by deleting example.html out of the genericons folder in any plugin or theme in your wp-content folder.
---
More details on Sucuri.net blog.
