CVE Catalog

CVE-2019-25743

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile - higher than 9% of all known CVEs

Summary

WordPress Soliloquy Lite version 2.5.6 contains a persistent cross-site scripting (XSS) vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field.

Risk Assessment

Attackers can exploit this vulnerability to inject malicious code, potentially leading to user data theft or account takeover.

Recommendation

It is recommended to update the Soliloquy Lite plugin to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS