WordPress · Slider By Soliloquy · CVE-2021-47922
**Name of the Vulnerable Software and Affected Versions**
Slider by Soliloquy version 2.6.2
**Description**
A stored cross-site scripting issue allows authenticated attackers to inject malicious scripts via the `title` parameter. By adding JavaScript payloads to the title field during the creation or editing of sliders, the scripts are executed in the browsers of users who view the slider on both administrative and frontend pages.
**Recommendations**
As a temporary workaround, restrict the use of the `title` parameter when creating or editing sliders to minimize the risk of exploitation.