Soliloquywp CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Soliloquywp CVE published 2026-06-04

CVE-2019-25743

CVE-2019-25743 is a persistent cross-site scripting (XSS) vulnerability in WordPress Soliloquy Lite 2.5.6. An authenticated attacker can inject malicious scripts by inserting script tags in the post title field. This is achieved by submitting POST requests to the post editing endpoint with script payloads in the post_title parameter. The injected scripts are stored and executed when users preview the post.

MEDIUM Soliloquywp CVE published 2026-05-10

CVE-2021-47922

CVE-2021-47922 describes a stored cross-site scripting issue in Slider by Soliloquy 2.6.2. According to the supplied record, an authenticated attacker can place malicious JavaScript in the slider title field when creating or editing sliders, and that payload can execute in the browsers of users who view the slider on administrative or frontend pages.