PT-2026-33920 · WordPress · Llms.Txt

Kazuma Matsumoto · Published 2026-04-21 · Updated 2026-04-21 · CVE-2026-6711

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

LLMs.txt plugin for WordPress versions prior to 8.2.7

Description

Reflected Cross-Site Scripting is possible via the 'tab' parameter. The issue arises from the use of filter_input() without a sanitization filter and insufficient output escaping, allowing unauthenticated attackers to inject arbitrary web scripts into pages that execute if an administrator is tricked into clicking a link.

Recommendations

Update the plugin to a version later than 8.2.6. Avoid using the tab parameter in the affected plugin until the update is applied.
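
The pattern the description names, shown beside a hardened form, as an added illustration that is not the plugin's own code. The function names, tab slugs and hidden-field markup are assumptions, and plain-PHP `htmlspecialchars()` stands in for WordPress's `esc_attr()` so the script runs without WordPress.

```php
<?php
// Added illustration: hypothetical settings-page helpers, not the plugin's code.

// Tab slugs are assumptions made for this example.
const ALLOWED_TABS = ['general', 'content', 'advanced'];

// In a plugin the raw value would come from filter_input(INPUT_GET, 'tab').
// With no filter argument PHP applies FILTER_DEFAULT (FILTER_UNSAFE_RAW),
// which returns the query-string value unchanged.

// Vulnerable pattern: the raw value is written straight into an HTML attribute.
function render_tab_unsafe(?string $tab): string
{
    $tab = $tab ?? 'general';
    return '<input type="hidden" name="tab" value="' . $tab . '">';
}

// Hardened pattern: allowlist on input, escape on output.
function render_tab_safe(?string $tab): string
{
    // Unknown or missing values fall back to a fixed default.
    if ($tab === null || !in_array($tab, ALLOWED_TABS, true)) {
        $tab = 'general';
    }
    // Escape for the attribute context even though the value is allowlisted;
    // in WordPress code esc_attr() fills this role.
    $escaped = htmlspecialchars($tab, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="tab" value="' . $escaped . '">';
}

// Constructed sample inputs: a valid slug, and a value that closes the
// attribute and appends markup of its own.
$samples = ['advanced', 'general"><i>injected</i>'];

foreach ($samples as $raw) {
    echo 'input : ', $raw, PHP_EOL;
    echo 'unsafe: ', render_tab_unsafe($raw), PHP_EOL;
    echo 'safe  : ', render_tab_safe($raw), PHP_EOL, PHP_EOL;
}
```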

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-6711

Affected Products

Llms.Txt