Loading market data...
← Back to CVE feed

CVE-2019-25743

MEDIUM CVSS 6.4 View on NVD ↗

Description

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Published: Jun 04, 2026 14:16 UTC Modified: Jun 04, 2026 15:00 UTC