
CVE-2025-31538 – WordPress Checklist plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31538
31 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in checklistcom Checklist allows Stored XSS. This issue affects Checklist: from n/a through 1.1.9. The Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages ... • https://patchstack.com/database/wordpress/plugin/checklist/vulnerability/wordpress-checklist-plugin-1-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-44151 – WordPress Pre-Publish Checklist plugin <= 1.1.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-44151
22 Sep 2023 — Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist. This issue affects Pre-Publish Checklist: from n/a through 1.1.1. The Pre-Publish Checklist plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.1.1 via the ppc_meta_box_ajax_add_handler and ppc_meta_box_ajax_delete_handler func... • https://patchstack.com/database/vulnerability/pre-publish-checklist/wordpress-pre-publish-checklist-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key • CWE-862: Missing Authorization •

CVE-2019-16525 – Checklist <= 1.1.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-16525
10 Sep 2019 — An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code. • https://packetstormsecurity.com/files/154436/WordPress-Checklist-1.1.5-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •