CVE-2019-25743
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
WordPress Soliloquy Lite version 2.5.6 contains a persistent cross-site scripting (XSS) vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field.
Risk Assessment
Attackers can exploit this vulnerability to inject malicious code, potentially leading to user data theft or account takeover.
Recommendation
It is recommended to update the Soliloquy Lite plugin to the latest version to mitigate this vulnerability and to monitor logs for potential attack attempts.
Original NVD description (English source)
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post.

