Atomic Edge analysis of CVE-2026-6712: This is a Stored Cross-Site Scripting (XSS) vulnerability in the Website LLMs.txt plugin for WordPress, affecting versions up to and including 8.2.6. The vulnerability resides in the plugin's admin settings page and allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts that execute whenever a user accesses an affected page. The issue only matters where administrators lack the unfiltered_html capability, which is the case on multi-site installations (only super admins hold it there) and on single sites where unfiltered_html has been disabled (for example via DISALLOW_UNFILTERED_HTML). It carries a CVSS score of 4.4.

The root cause is insufficient input sanitization and output escaping across multiple code paths in the admin page (admin/admin-page.php) and the generator class (includes/class-llms-generator.php). Specifically, the vulnerable code uses esc_html() for output within HTML attributes instead of esc_attr(), and fails to escape output in textarea values and hidden input fields at all. For example, in admin-page.php lines 102-103 and 120-121, the code uses echo esc_html($post_type->labels->name) for the input name attribute, where esc_attr() is the correct function for that context. Lines 100-101 are worse: the value attributes use echo $settings['post_name'][...] with no escaping whatsoever. The directly exploitable sinks are these unescaped outputs; the esc_html()-in-attribute cases are context mismatches rather than bypasses, since WordPress's esc_html() also encodes quotes. The patch also addresses unescaped outputs in class-llms-generator.php, such as lines 415-419 where llms_txt_title, meta_description, and llms_after_txt_description are output without esc_html() before being written to the llms.txt file.

An attacker with administrator access to a WordPress multi-site, or to a single site with unfiltered_html disabled, can exploit this by navigating to the plugin's settings page (typically at /wp-admin/admin.php?page=llms-settings). The attacker enters a JavaScript payload into any of the unescaped fields, such as the post type name label, LLMs.txt title, description, or custom post name fields. For instance, a script payload placed in the "LLMs.txt Title" textarea executes when the page is rendered; because textarea content is parsed as text, the payload has to close the textarea element before its script tag, just as a payload in a value attribute has to close the attribute first. The injected script is stored with the plugin's settings (in the llms_generator_settings option) and persists, so it executes on every subsequent visit to the settings page by any user who can open it.

The patch applies proper escaping functions throughout the affected code. In admin-page.php, the patch replaces esc_html() with esc_attr() for attribute contexts and wraps the previously raw value outputs in esc_attr(). For textarea values, the patch uses esc_textarea(). In class-llms-generator.php, the patch adds esc_html() to all text content written to the llms.txt output file, such as titles, descriptions, post titles, and permalinks. The patch also sanitizes the GET 'tab' parameter with sanitize_key() before output. These changes ensure that user-supplied data is escaped for its output context, preventing script injection. Note that updating does not remove a payload that has already been stored; it only stops it from rendering as markup. After updating, dump the option (for example with WP-CLI: wp option get llms_generator_settings --format=json) and inspect it for script tags or attribute-breaking quotes.
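The vulnerable and patched rendering side by side, as an added example that is not the plugin's own code. It renders the three output contexts the analysis names (value attribute, textarea, and the tab query parameter) once the way the pre-patch code does and once with the context-appropriate escaping the patch introduces. The settings array and field names are constructed for illustration, and when the script runs outside WordPress the esc_attr(), esc_html(), esc_textarea() and sanitize_key() stand-ins are an assumption that mirrors what the WordPress functions reduce to for plain strings.

```php
<?php
// Added example, not code from the Website LLMs.txt plugin.
// Assumption: outside WordPress, the WordPress escaping helpers are stood in
// by htmlspecialchars() with ENT_QUOTES; sanitize_key() is stood in by the
// lowercase [a-z0-9_-] filter WordPress applies.
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
    function esc_html(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
    function esc_textarea(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
    function sanitize_key(string $s): string { return preg_replace('/[^a-z0-9_\-]/', '', strtolower($s)); }
}

// Constructed stand-in for the llms_generator_settings option after an
// administrator without unfiltered_html has saved two stored-XSS payloads.
// Each payload first closes the context it lands in (the quoted attribute,
// the textarea element) before opening a script tag.
$settings = [
    'post_name'      => ['post' => '"><script>alert(document.cookie)</script>'],
    'llms_txt_title' => '</textarea><script>alert(1)</script>',
];
$tab = 'general"><script>alert(2)</script>'; // constructed ?tab= query value

// Pre-patch shape: attribute and textarea echoed raw, tab echoed raw.
function render_vulnerable(array $settings, string $tab): string {
    $out  = '<a href="?page=llms-settings&tab=' . $tab . '">General</a>' . "\n";
    $out .= '<input type="text" name="post_name[post]" value="' . $settings['post_name']['post'] . '">' . "\n";
    $out .= '<textarea name="llms_txt_title">' . $settings['llms_txt_title'] . '</textarea>' . "\n";
    return $out;
}

// Patched shape: esc_attr() in attribute context, esc_textarea() inside the
// textarea, sanitize_key() on the tab parameter (then esc_attr() for output).
function render_patched(array $settings, string $tab): string {
    $out  = '<a href="?page=llms-settings&tab=' . esc_attr(sanitize_key($tab)) . '">General</a>' . "\n";
    $out .= '<input type="text" name="post_name[post]" value="' . esc_attr($settings['post_name']['post']) . '">' . "\n";
    $out .= '<textarea name="llms_txt_title">' . esc_textarea($settings['llms_txt_title']) . '</textarea>' . "\n";
    return $out;
}

// Simple check: does any raw <script> tag survive into the rendered markup?
function contains_live_script(string $html): bool {
    return stripos($html, '<script') !== false;
}

echo "--- vulnerable ---\n" . render_vulnerable($settings, $tab);
echo "--- patched ---\n" . render_patched($settings, $tab);
echo 'vulnerable has live script: ' . var_export(contains_live_script(render_vulnerable($settings, $tab)), true) . "\n";
echo 'patched has live script:    ' . var_export(contains_live_script(render_patched($settings, $tab)), true) . "\n";
```

The point of pairing each sink with its own helper is that the escaping has to match the parse context: esc_attr() is what stops a quote from terminating the value attribute, esc_textarea() is what stops </textarea> from ending the element, and sanitize_key() reduces the tab name to the character set a tab slug can legitimately contain before it is ever echoed.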

The impact of successful exploitation is the injection and execution of arbitrary JavaScript within the WordPress admin area. This allows an attacker to perform actions in the context of the victim user, such as creating new administrative accounts or modifying plugin settings through the victim's authenticated session (WordPress auth cookies are HttpOnly, so driving authenticated requests from the page is the realistic path rather than reading the cookie directly). Since the attack requires administrator-level privileges, the primary threat is to other administrators or super admins who open the settings page. On multi-site, that is the privilege boundary that matters: a site administrator without unfiltered_html can target a super admin, which can lead to network-wide compromise.