CVE-2019-25743

MEDIUM

WordPress Soliloquy Lite 2.5.6 Persistent Cross-Site Scripting

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25743. PoCs published by Unk9vvN.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in WordPress Soliloquy Lite 2.5.6 by injecting a malicious script into the post title, which executes when previewed. The PoC includes a detailed HTTP request with the payload embedded in the `post_title` parameter.

Description

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post.

Exploits (1)

exploitdb WORKING POC
by Unk9vvN · text · webapps · php
https://www.exploit-db.com/exploits/47517

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WordPress Soliloquy Lite 2.5.6
Auth required
Prerequisites: WordPress admin access · Soliloquy Lite plugin installed and activated
devstral-2 · analyzed Jun 04, 2026

References (4)

Core References
Exploit: ExploitDB-47517
https://www.exploit-db.com/exploits/47517
Product: Official Product Homepage
https://soliloquywp.com/
Product: Product Reference
https://wordpress.org/plugins/soliloquy-lite/
Third Party Advisory: VulnCheck Advisory: WordPress Soliloquy Lite 2.5.6 Persistent Cross-Site Scripting
https://www.vulncheck.com/advisories/wordpress-soliloquy-lite-persistent-cross-site-scripting

Scores

CVSS v3 5.4
EPSS 0.0017
EPSS Percentile 6.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-79
Status published
Products (1)
Soliloquywp/Soliloquy Lite 2.5.6
Published Jun 04, 2026
Tracked Since Jun 04, 2026