Slider by Soliloquy WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing sensitive information exposure has been identified in the Slider by Soliloquy WordPress plugin, in all versions through 2.8.1. This vulnerability arises from the 'map_meta_cap' feature, which can be exploited by authenticated users with subscriber-level access or higher. The issue allows these users to access draft slider metadata, including unpublished media URLs, captions, and slider configurations created by administrators or editors.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive slider metadata, including unpublished media URLs and captions, potentially allowing for further exploitation or misuse of this information.

Reproduction

To reproduce this vulnerability, an authenticated user with subscriber-level access or higher can send a request to the WordPress REST API endpoint for the Soliloquy slider post type. The 'map_meta_cap' filter will allow access to draft sliders, from which unpublished media URLs, captions, and slider configurations can be extracted.

Remediation

Users are advised to update the Slider by Soliloquy WordPress plugin to version 2.8.2 or a newer patched version.
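To find installs that still need this update, the following added example (not part of the original advisory or the plugin's code) reads WordPress plugin headers under a plugins directory and flags any Soliloquy copy older than 2.8.2. It assumes the plugin can be recognised by "soliloquy" in its Plugin Name header and treats every version that sorts before 2.8.2 as affected; the sample header is constructed.

```python
import re
from pathlib import Path

FIXED = (2, 8, 2)  # first patched release named in the advisory

# Constructed sample header; the "Plugin Name" text is an assumption.
SAMPLE = """<?php
/**
 * Plugin Name: Slider by Soliloquy
 * Version:     2.8.1
 */
"""

def header(field, source):
    """Read one plugin header field the way WordPress does: first 8 KiB only."""
    pat = r"^[ \t/*#@]*" + re.escape(field) + r":(.*)$"
    m = re.search(pat, source[:8192], re.IGNORECASE | re.MULTILINE)
    return m.group(1).strip() if m else None

def parse_version(text):
    """'2.8.1' -> (2, 8, 1); a suffix such as '-beta' ends the numeric part."""
    nums = []
    for part in text.strip().lstrip("vV").split("."):
        m = re.match(r"\d+", part)
        if not m:
            break
        nums.append(int(m.group()))
        if m.end() != len(part):
            break
    if not nums:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(nums + [0] * (len(FIXED) - len(nums)))

def is_affected(version_text):
    """Anything ordered before 2.8.2 is treated as affected."""
    return parse_version(version_text) < FIXED

def audit(plugins_dir):
    """Return (file, version, affected); a missing Version counts as affected."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        src = php.read_text(encoding="utf-8", errors="ignore")
        name, version = header("Plugin Name", src), header("Version", src)
        if name and "soliloquy" in name.lower():
            findings.append((str(php), version, version is None or is_affected(version)))
    return findings

if __name__ == "__main__":
    print(header("Version", SAMPLE), is_affected(header("Version", SAMPLE)))
```

Point `audit()` at a site's `wp-content/plugins` directory; each tuple with `True` in the last position is a copy to update.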

Added: May 22, 2026, 9:20 AM
Updated: May 22, 2026, 9:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.3
remediation: 0.0
relevance: 8.9
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.