WordPress Plugin Vulnerabilities

Checklist < 1.1.9 - Unauthenticated Reflected XSS

Description

The fill parameter of the images/checklist-icon.php file is affected by a reflected XSS issue

Proof of Concept

Affects Plugins

Plugin icon
checklist
Fixed in 1.1.9

References

CVE
CVE-2019-16525
URL
https://packetstormsecurity.com/files/#154436/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Ricardo Sanchez
Verified
No
WPVDB ID
7b0404ef-bc97-4475-a97e-1990cf9129ab

Timeline

Publicly Published
2019-09-10 (about 6 years ago)
Added
2019-09-11 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-08-14
Title
WP Pipes <= 1.4.3 - Reflected Cross-Site Scripting
Published
2024-11-28
Title
Pixobe Cartography <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-06-19
Title
CP Polls < 1.0.82 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2014-08-01
Title
WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS
Published
2025-01-02
Title
Plugin Oficial – Getnet para WooCommerce < 1.8.1 - Admin+ Stored XSS