PatchSiren cyber security CVE debrief
CVE-2019-25743 Soliloquywp CVE debrief
CVE-2019-25743 is a persistent cross-site scripting (XSS) vulnerability in WordPress Soliloquy Lite 2.5.6. An authenticated attacker can inject malicious scripts by inserting script tags in the post title field. This is achieved by submitting POST requests to the post editing endpoint with script payloads in the post_title parameter. The injected scripts are stored and executed when users preview the post.
- Vendor: Soliloquywp
- Product: Soliloquy Lite
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-10
Who should care
Users of WordPress Soliloquy Lite 2.5.6 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 5.1 (medium severity). Exploitation requires authentication and user interaction.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to a patched version of WordPress Soliloquy Lite, if available.
- Restrict access to the post editing endpoint to authorized users only.
- Implement additional security measures, such as input validation and output encoding.
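As an added example (not code from PatchSiren or from the plugin), the Python sketch below audits post titles already stored in the database for markup and shows the output encoding a template should apply when it prints a title. The sample rows are constructed, and the function names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Constructed sample rows (post ID, post_title), as if exported from wp_posts.
SAMPLE_TITLES = [
    (101, "Summer gallery"),
    (102, "<script>alert(1)</script>Slider"),
    (103, "Prices < 10 & rising"),  # a bare "<" is text, not a tag
    (104, '<img src=x onerror="alert(1)">'),
    (105, "<b>Bold</b> title"),
]


class TagFinder(HTMLParser):
    """Collects element names and on* event-handler attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def audit_title(title):
    """Return the tags and event handlers an HTML parser sees in a title."""
    finder = TagFinder()
    finder.feed(title)
    finder.close()
    return {"tags": finder.tags, "handlers": finder.handlers}


def find_markup_titles(rows):
    """Return (post_id, findings) for every title that parses as markup."""
    hits = []
    for post_id, title in rows:
        findings = audit_title(title)
        if findings["tags"]:
            hits.append((post_id, findings))
    return hits


def render_title(title):
    """Output encoding: what a template should emit into HTML text or attributes."""
    return html.escape(title, quote=True)
```

Titles flagged by `find_markup_titles` are candidates for manual review and cleanup; `render_title` shows why encoded output is inert even when a stored title still contains markup.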
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively.
Official resources
CVE-2019-25743 was published on 2026-06-04 and last modified on 2026-06-10.