CVE-2021-47922: WordPress Plugin Slider by Soliloquy 2.6.2 Stored XSS
Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScript payloads in the title field when creating or editing sliders, which executes in the browsers of users viewing the slider on both administrative and frontend pages.
Security readout for executives and security teams
Plain-English summary
A WordPress site using Slider by Soliloquy 2.6.2 can store attacker-supplied JavaScript in a slider title. A logged-in attacker with slider editing access could make the script run for administrators or visitors viewing the slider, creating account and content-integrity risk.
Executive priority
Prioritize remediation for customer-facing or high-traffic WordPress sites, and for environments where marketing or editor accounts can manage sliders. The likely impact is session theft, unauthorized actions, or visitor trust damage rather than server takeover.
Technical view
CVE-2021-47922 is stored XSS in the title parameter of Slider by Soliloquy 2.6.2. The CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N. It requires authenticated access and can execute on administrative and frontend slider views.
Likely exposure
Exposure is limited to WordPress installations running Slider by Soliloquy 2.6.2, especially where non-administrators can create or edit sliders. Public rendering of affected sliders increases business impact because injected script may reach site visitors.
Exploitation context
The source bundle includes an ExploitDB reference, but KEV is false and the provided sources do not state active exploitation. Treat the issue as publicly documented and potentially reproducible, not confirmed exploited in the wild.
Researcher notes
Evidence supports stored XSS in a single affected version and parameter. Do not assume unauthenticated exploitation, broader versions, or a known fixed release from this bundle. The key operational question is who can edit sliders and where affected sliders render.
Mitigation direction
Inventory WordPress sites for Slider by Soliloquy version 2.6.2.
Check Soliloquy and WordPress plugin guidance for a fixed version or vendor mitigation.
Restrict slider creation and editing to trusted administrators until remediated.
Disable affected slider content if vendor remediation is unavailable or delayed.
Review affected pages for suspicious slider titles or unexpected scripts.
Validation and detection
Confirm installed plugin name and version on each WordPress site.
Review roles that can create or edit Soliloquy sliders.
Inspect existing slider titles for unexpected script-like content.
Verify frontend and admin slider pages after applying vendor guidance.
Check web and WordPress audit logs for recent slider edits.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-79: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-79 · source CWE mapping
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.