PatchSiren

BetterDocs CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Review BetterDocs CVE published 2026-07-16

CVE-2026-11371

The BetterDocs WordPress plugin before 4.5.5 is vulnerable to prompt injection attacks due to improper sanitization of AI-generated documentation summaries. An unauthenticated user can inject malicious payload, which is then stored and outputted without proper sanitization. This can lead to the execution of malicious code in the browser of any visitor who views the affected page, including administrators. [truncated]