CVE-2026-11371: The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and
Summary
The BetterDocs WordPress plugin before version 4.5.5 has a security flaw where it doesn't clean up AI-generated documentation summaries before storing and displaying them. Because this feature is available to users who aren't logged in, attackers can use prompt injection (tricking the AI by hiding malicious instructions in their input) to store harmful code that runs in visitors' browsers, including admin accounts.
Solution / Mitigation
Upgrade the BetterDocs WordPress plugin to version 4.5.5 or later.
Vulnerability Details
EPSS: 0.0%
July 16, 2026
Classification
Taxonomy References
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-11371
First tracked: July 16, 2026 at 08:08 AM
Classified by LLM (prompt v3) · confidence: 85%