PT-2026-39498 · WordPress · Slider By Soliloquy

Abdurrahman Erkan

Published

2026-05-10

Updated

2026-05-10

CVE-2021-47922

CVSS v3.1

6.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Slider by Soliloquy version 2.6.2

Description A stored cross-site scripting issue allows authenticated attackers to inject malicious scripts via the title parameter. By adding JavaScript payloads to the title field during the creation or editing of sliders, the scripts are executed in the browsers of users who view the slider on both administrative and frontend pages.

Recommendations As a temporary workaround, restrict the use of the title parameter when creating or editing sliders to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-47922

Affected Products

Slider By Soliloquy

PT-2026-39498 · WordPress · Slider By Soliloquy

CVE-2021-47922

Weakness Enumeration

Related Identifiers

Affected Products

References · 7