CVE-2019-16525

Name of the Vulnerable Software and Affected Versions WordPress checklist plugin versions prior to 1.1.9

Description A cross-site scripting (XSS) issue was found due to improper filtering of the fill parameter in the checklist-icon.php file, allowing the injection of JavaScript code.

Recommendations For versions prior to 1.1.9, update to version 1.1.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the checklist-icon.php file until the update is applied. Avoid using the fill parameter in the affected endpoint until the issue is resolved.