CVE-2019-16525
WordPress Checklist plugin (before v1.1.9) contains a Cross-Site Scripting (XSS) vulnerability. The vulnerable component is checklist-icon.php where the fill parameter is not properly filtered, allowing injection of JavaScript. Affected versions are prior to 1.1.9; exploitation is possible via cr...