Checklist <= 1.1.5 - Unauthenticated Reflected XSS



Description
The fill parameter of the images/checklist-icon.php file is affected by a reflected XSS issue.
Proof of Concept
wp-content/plugins/checklist/images/checklist-icon.php?&fill="></script>alert("XSS")</script></path>
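
Added detection example (not part of the original advisory or the plugin's code): the Python below scans web-server access-log lines for requests to checklist-icon.php whose fill value is not a plain colour. The combined log format, the colour allowlist, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter named in the advisory.
ICON_PATH = "/plugins/checklist/images/checklist-icon.php"
# Assumption: a legitimate fill value is a hex colour or a plain colour name.
SAFE_FILL = re.compile(r"^(#?[0-9a-fA-F]{3,8}|[a-zA-Z]{1,32})$")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PFX = "/wp-content/plugins/checklist/images/checklist-icon.php"
# Constructed sample lines: documentation IPs, inert fragments of the PoC.
SAMPLE_LOG = [
    f'203.0.113.5 - - [10/Sep/2019:10:00:00 +0000] "GET {PFX}?fill=%23ff0000 HTTP/1.1" 200 512',
    f'203.0.113.9 - - [10/Sep/2019:10:00:05 +0000] "GET {PFX}?&fill=%22%3E%3C%2Fscript%3E HTTP/1.1" 200 540',
    f'203.0.113.9 - - [10/Sep/2019:10:00:09 +0000] "GET {PFX}?fill=%2522%253E HTTP/1.1" 200 530',
    '198.51.100.7 - - [10/Sep/2019:10:01:00 +0000] "GET /index.php?fill=%3Cb%3E HTTP/1.1" 200 900',
]


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_fill_values(log_line):
    """Return the fill values in one log line that are not plain colours."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not fully_decode(url.path).endswith(ICON_PATH):
        return []  # some other script that happens to take a fill parameter
    fills = parse_qs(url.query, keep_blank_values=True).get("fill", [])
    return [v for v in map(fully_decode, fills) if v and not SAFE_FILL.match(v)]


def scan(lines):
    """Return (line number, suspicious values) for every flagged log line."""
    hits = ((n, suspicious_fill_values(line)) for n, line in enumerate(lines, 1))
    return [(n, values) for n, values in hits if values]


if __name__ == "__main__":
    for lineno, values in scan(SAMPLE_LOG):
        print(f"line {lineno}: suspicious fill {values!r}")
```

Hits on sites still running a version older than the fixed release are the ones worth triaging first; the same allowlist can be reused as a WAF or reverse-proxy rule for the fill parameter.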

Affects Plugin

fixed in version 1.1.9

References

CVE 2019-16525
PACKETSTORM 154436

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Ricardo Sanchez
Verified No
WPVDB ID 9877

Timeline

Publicly Published 2019-09-10
Added 2019-09-11
Last Updated 2019-09-20
