Review
BetterDocs
CVE published 2026-07-16
CVE-2026-11371
The BetterDocs WordPress plugin before 4.5.5 is vulnerable to prompt injection attacks due to improper sanitization of AI-generated documentation summaries. An unauthenticated user can inject malicious payload, which is then stored and outputted without proper sanitization. This can lead to the execution of malicious code in the browser of any visitor who views the affected page, including administrators. [truncated]