CVE-2025-31733: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Boot Div WP Sitemap plugin versions through 1.0.0. The vulnerability was identified on April 1, 2025, and requires Contributor or higher privileges to exploit. The issue was reported by security researcher 0xd4rk5id3 (Patchstack).

The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). It received a CVSS v3.1 score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, indicating network accessibility, low attack complexity, and required privileges (NVD).

The vulnerability allows malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts are executed when guests visit the affected site (Patchstack).

No official fix is available for this vulnerability. The recommended mitigation is to remove and replace the software with an alternative solution, as the plugin is considered abandoned and unlikely to receive further updates or security fixes (Patchstack).