CVE-2019-25743

MEDIUM NVD

CVSS Score 6.4

Severity MEDIUM

Published Jun 04, 2026

Vendor unknown

Description

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post.

References

https://soliloquywp.com/
https://wordpress.org/plugins/soliloquy-lite/
https://www.exploit-db.com/exploits/47517
https://www.vulncheck.com/advisories/wordpress-soliloquy-lite-persistent-cross-site-scripting