CVE-2021-25088: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2021-25088) affects the XML Sitemaps WordPress plugin versions before 4.1.3. The issue was discovered by ZhongFu Su(JrXnm) of Wuhan University and was publicly disclosed on May 30, 2022. This security flaw exists in the plugin's Debug page where certain settings are not properly sanitized and escaped (WPScan).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue with a CVSS score of 3.4 (low severity). The security flaw occurs specifically in the Debug page functionality where the plugin fails to properly sanitize and escape settings before output. This vulnerability is categorized under CWE-79 and falls into the OWASP Top 10 category A7: Cross-Site Scripting (XSS) (WPScan).

The vulnerability allows high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, which is particularly concerning in multisite setups. This could potentially lead to unauthorized script execution in the context of other administrative users' sessions (WPScan).

The vulnerability has been fixed in version 4.1.3 of the XML Sitemaps WordPress plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).