Vulnerabilities and security researches forsoliloquy-lite soliloquy-lite

Jun 06, 2024

CVE, Research URL: d8276eb02654b7447accdf21d75754f13b40c842
Home page URL: Security reports for Slider by Soliloquy – Responsive Image Slider for WordPress
Application: Slider by Soliloquy – Responsive Image Slider for WordPress
Date: -
Research Description: Slider by Soliloquy – Responsive Image Slider for WordPress [soliloquy-lite] < 2.7.3 WordPress Slider by Soliloquy Plugin <= 2.7.2 is vulnerable to Broken Access Control Update the WordPress Slider by Soliloquy plugin to the latest available version (at least 2.7.3). Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress Slider by Soliloquy Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has been fixed in version 2.7.3. Have additional information or questions about this entry? Get in touch.
Affected versions: max 2.7.3.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-51519
Home page URL: Security reports for Slider by Soliloquy – Responsive Image Slider for WordPress
Application: Slider by Soliloquy – Responsive Image Slider for WordPress
Date: Jun 11, 2024
Research Description: Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through 2.7.2.
Affected versions: max 2.7.3.
Status: vulnerable

Aug 11, 2024

CVE, Research URL: CVE-2024-35775
Home page URL: Security reports for Slider by Soliloquy – Responsive Image Slider for WordPress
Application: Slider by Soliloquy – Responsive Image Slider for WordPress
Date: Aug 13, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6.
Affected versions: max 2.7.7.
Status: vulnerable

May 12, 2026

CVE, Research URL: CVE-2021-47922
Home page URL: Security reports for Slider by Soliloquy – Responsive Image Slider for WordPress
Application: Slider by Soliloquy – Responsive Image Slider for WordPress
Date: May 10, 2026
Research Description: Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScript payloads in the title field when creating or editing sliders, which executes in the browsers of users viewing the slider on both administrative and frontend pages.
Affected versions: max 2.6.2.
Status: vulnerable

May 23, 2026

CVE, Research URL: CVE-2026-7636
Home page URL: Security reports for Slider by Soliloquy – Responsive Image Slider for WordPress
Application: Slider by Soliloquy – Responsive Image Slider for WordPress
Date: May 22, 2026
Research Description: The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the map_meta_cap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract draft slider metadata including unpublished media URLs, captions, and slider configuration authored by administrators or editors.
Affected versions: max 2.8.2.
Status: vulnerable

Jun 06, 2026

CVE, Research URL: CVE-2019-25743
Home page URL: Security reports for Slider by Soliloquy – Responsive Image Slider for WordPress
Application: Slider by Soliloquy – Responsive Image Slider for WordPress
Date: Jun 04, 2026
Research Description: WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post.
Affected versions: max 2.5.6.
Status: vulnerable