CVE-2026-11371
BetterDocs < 4.5.5 - Unauthenticated Stored XSS via AI Doc Summarizer Prompt Injection
CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th
The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated users, allowing them to store a malicious payload via prompt injection that executes in the browser of any visitor who views the affected page, including administrators.
| Vendor | unknown |
| Product | betterdocs |
| Published | Jul 16, 2026 |
| Last Updated | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown betterdocs
Be the first to know when new medium vulnerabilities affecting unknown betterdocs are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / BetterDocs
4.0.0 < 4.5.5
References
Credits
mcdruid WPScan