{"data":{"id":"58486170-8746-4313-8933-2c53548d57d0","title":"CVE-2026-11371: The BetterDocs  WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and","summary":"The BetterDocs WordPress plugin before version 4.5.5 has a security flaw where it doesn't clean up AI-generated documentation summaries before storing and displaying them. Because this feature is available to users who aren't logged in, attackers can use prompt injection (tricking the AI by hiding malicious instructions in their input) to store harmful code that runs in visitors' browsers, including admin accounts.","solution":"Upgrade the BetterDocs WordPress plugin to version 4.5.5 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-11371","publishedAt":"2026-07-16T07:16:46.480Z","cveId":"CVE-2026-11371","cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-16T07:16:46.480Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0051"]}}