Checklist <= 1.1.5 - Unauthenticated Reflected XSS



Description
The fill parameter of the images/checklist-icon.php file is affected by a reflected XSS issue
Proof of Concept The PoC will be displayed on September 25, 2019, to give users the time to update.

Affects Plugin

fixed in version 1.1.9

References

CVE 2019-16525
PACKETSTORM 154436

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Ricardo Sanchez
Views 2258
Verified No
WPVDB ID 9877

Timeline

Publicly Published 2019-09-10 (13 days ago)
Added 2019-09-11 (12 days ago)
Last Updated 2019-09-20 (3 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin