CVE-2019-25743
Deferred Deferred - Pending Action
Persistent XSS in WordPress Soliloquy Lite Plugin

Publication date: 2026-06-04

Last updated on: 2026-06-10

Assigner: VulnCheck

Description
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-10
Generated
2026-06-25
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2019-25743
EUVD
EUVD-2019-20179
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
soliloquy soliloquy_lite 2.5.6
soliloquywp soliloquy_lite 2.5.6
soliloquywp soliloquy_lite to 2.5.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of the WordPress Soliloquy Lite 2.5.6 persistent cross-site scripting vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2019-25743 is a persistent cross-site scripting (XSS) vulnerability in WordPress Soliloquy Lite version 2.5.6. It allows authenticated attackers to inject malicious scripts by inserting script tags into the post title field. Attackers submit POST requests to the post editing endpoint with a script payload in the post_title parameter. This payload is stored and later executed when users preview the affected post.

Impact Analysis

This vulnerability can impact you by allowing attackers to execute malicious scripts in the context of your website when users preview posts. This can lead to unauthorized actions such as stealing user session data, defacing content, or performing actions on behalf of users without their consent. Since the attack requires authentication, it could be exploited by users with limited privileges to escalate their impact.

Detection Guidance

This vulnerability can be detected by checking for the presence of malicious script tags in the post title fields of posts created or edited using the Soliloquy Lite plugin version 2.5.6 or earlier.

One approach is to monitor POST requests to the post editing endpoint and inspect the post_title parameter for suspicious script payloads.

For example, you can use web server logs or network monitoring tools to filter POST requests containing <script> tags in the post_title parameter.

A sample command using grep on web server logs might be:

  • grep -i 'post_title=.*<script' /path/to/access.log

Additionally, within WordPress, you can audit posts with suspicious titles by running a database query to find titles containing script tags.

  • SELECT ID, post_title FROM wp_posts WHERE post_title LIKE '%<script>%';

These methods help identify if malicious scripts have been injected via the vulnerable parameter.

Mitigation Strategies

To mitigate this vulnerability, immediately update the Soliloquy Lite plugin to a version later than 2.5.6 where the issue is fixed.

If an update is not immediately possible, restrict access to the post editing endpoint to trusted authenticated users only, as the vulnerability requires authentication.

Additionally, review and sanitize post titles to remove any injected script tags or suspicious content.

Consider disabling the preview functionality temporarily to prevent execution of stored malicious scripts.

Monitor logs for suspicious POST requests containing script tags in the post_title parameter and remove any malicious posts found.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25743. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart