Medium severity4.8NVD Advisory· Published Jun 20, 2022· Updated Jun 17, 2026
CVE-2021-25088
CVE-2021-25088
Description
The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <4.1.3
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/820c51d6-186e-4d63-b4a7-bd0a59c02cc8nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.