Reflected Cross-Site Scripting Vulnerability in Website LLMs.txt Plugin for WordPress
CVE-2026-6711
6.1MEDIUM
What is CVE-2026-6711?
The Website LLMs.txt plugin for WordPress contains a reflected cross-site scripting vulnerability through the 'tab' parameter across all versions up to 8.2.6. This issue arises from using filter_input() without proper input sanitization and inadequate output escaping. As a result, unauthenticated attackers may exploit this vulnerability to inject arbitrary scripts into web pages, which execute when an administrator unknowingly interacts with a malicious link. Website administrators should take immediate action to safeguard their sites from potential exploits.
Affected Version(s)
Website LLMs.txt 0 <= 8.2.6