Website Llms Txt
Reflected cross-site scripting (XSS) in the Website LLMs.txt WordPress plugin versions up to 8.2.6 allows unauthenticated attackers to inject arbitrary JavaScript via the 'tab' parameter due to improper use of filter_input() without sanitization and insufficient output escaping. Exploitation requires socially engineering an administrator into clicking a malicious link, but once successful it grants the attacker the ability to execute scripts in the admin's browser session with access to sensitive WordPress functions and data.
Stored cross-site scripting in the Website LLMs.txt plugin for WordPress versions up to 8.2.6 allows authenticated administrators to inject arbitrary JavaScript into plugin settings that executes when any user visits affected pages. The vulnerability requires a high privilege level (PR:H) and occurs only in multi-site installations or where the unfiltered_html capability is disabled. No public exploit code or active exploitation has been identified.