CVE-2024-11896: The Text Prompter – Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-S
mediumvulnerabilityLLM-Specific
security
Summary
A WordPress plugin called Text Prompter is vulnerable to stored cross-site scripting (XSS, a type of attack where harmful code is hidden in web pages and runs when users visit them) in all versions up to 1.0.7. Attackers with contributor-level access or higher can inject malicious scripts through the plugin's shortcode feature because the plugin does not properly filter or secure user input.
Vulnerability Details
CVSS Score
6.4(medium)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Other
Attack SophisticationModerate
Impact (CIA+S)
integrity
AI Component TargetedAPI
Affected Vendors
OpenAI
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-11896
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 85%