Detections
Analytics

CVE-2019-25743

medium

Description

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post.

References

https://www.vulncheck.com/advisories/wordpress-soliloquy-lite-persistent-cross-site-scripting

https://www.exploit-db.com/exploits/47517

https://wordpress.org/plugins/soliloquy-lite/

https://soliloquywp.com/

Details

Source: Mitre, NVD

Published: 2026-06-04

Updated: 2026-06-10

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Severity: Medium

EPSS

EPSS: 0.0003