CVE-2026-6712

The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

CVE-2026-6711

The CVE-2026-6711 entry concerns the Website LLMs.txt WordPress plugin (versions up to 8.2.6). The vulnerability is Reflected Cross-Site Scripting via the tab parameter, caused by use of filter_input() without a sanitization filter and insufficient output escaping. This allows unauthenticated att...

CVE-2026-6712 Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

WordPress plugin Website LLMs.txt 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-27068 WordPress Website LLMs.txt plugin <= 8.2.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryan Howard Website LLMs.txt website-llms-txt allows Reflected XSS.This issue affects Website LLMs.txt: from n/a through = 8.2.6...