
    Stored Cross-Site Scripting in Related Posts Lite Plugin

    Published Date: 10/18/2025
    CVE ID: CVE-2025-11926

    Summary

    The Related Posts Lite plugin for WordPress contains a stored Cross-Site Scripting (XSS) vulnerability. It affects versions up to and including 1.12 and allows authenticated users with administrator-level permissions to inject malicious scripts through the plugin's admin settings.

    Vulnerability Details

    The vulnerability in the Related Posts Lite plugin stems from insufficient input sanitization and output escaping in its admin settings interface. An administrator can store arbitrary web script in a settings value, and that script executes whenever a user loads a page on which the value is rendered. Although exploitation requires administrator-level access, the injected script is stored persistently rather than reflected, so it keeps executing until the setting is cleaned. The issue matters only in environments where the unfiltered_html capability is restricted, such as multi-site installations, since elsewhere administrators are already permitted to store unfiltered HTML. No CVSS score has been assigned yet, so no formal severity assessment is available, but the flaw still allows script injection that could lead to attacks such as data theft and user session hijacking.

    Recommendations

    To mitigate this vulnerability, ensure that every value submitted through the Related Posts Lite plugin settings is sanitized on input and that every value is escaped for its context on output. Administrators should enable HTML filtering for all user roles whenever possible and audit which roles hold the unfiltered_html capability. Additionally, limit administrator access to trusted personnel only and review plugin settings thoroughly on multi-site installations.
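The two controls the recommendation names, sanitize on input and escape on output, look like the following in a WordPress plugin settings page. This is an added example written for this advisory, not code from the Related Posts Lite plugin; the option name `rpl_demo_settings`, its fields and the `rpl_demo_*` function names are hypothetical. It uses only standard WordPress API functions (`register_setting`, `sanitize_text_field`, `absint`, `esc_attr`, `esc_html`).

```php
<?php
/**
 * Added example (not code from the Related Posts Lite plugin): a minimal
 * settings page that sanitizes values when they are saved and escapes
 * them when they are rendered. Option name and fields are hypothetical.
 */

// Register the option with a sanitize_callback so every save path
// (Settings API form, REST, WP-CLI) runs the same cleaning, regardless
// of whether the saving user holds unfiltered_html.
add_action( 'admin_init', function () {
    register_setting(
        'rpl_demo_group',
        'rpl_demo_settings',
        array(
            'type'              => 'array',
            'sanitize_callback' => 'rpl_demo_sanitize_settings',
            'default'           => array( 'title' => 'Related posts', 'count' => 5 ),
        )
    );
} );

/**
 * Input side: coerce each field to the narrowest type it needs.
 * A heading never needs markup, so strip tags entirely with
 * sanitize_text_field(); bound the numeric field with absint().
 */
function rpl_demo_sanitize_settings( $input ) {
    $clean = array();
    $clean['title'] = isset( $input['title'] ) ? sanitize_text_field( $input['title'] ) : '';
    $count          = isset( $input['count'] ) ? absint( $input['count'] ) : 5;
    $clean['count'] = min( 20, max( 1, $count ) );
    return $clean;
}

// Read the option and fill any missing keys, so the renderer below
// never echoes an undefined value.
function rpl_demo_get_settings() {
    return wp_parse_args(
        get_option( 'rpl_demo_settings' ),
        array( 'title' => '', 'count' => 5 )
    );
}

add_action( 'admin_menu', function () {
    add_options_page( 'RPL Demo', 'RPL Demo', 'manage_options', 'rpl-demo', 'rpl_demo_render_page' );
} );

/**
 * Output side (admin): escape for the exact context the value lands in.
 * esc_attr() inside attribute values, esc_html() inside text nodes.
 * The vulnerable pattern this replaces is echoing get_option() values
 * straight into the markup.
 */
function rpl_demo_render_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $opts = rpl_demo_get_settings();
    ?>
    <div class="wrap">
        <h1>Related Posts Demo</h1>
        <form method="post" action="options.php">
            <?php settings_fields( 'rpl_demo_group' ); ?>
            <label for="rpl-title">Heading</label>
            <input id="rpl-title" type="text" name="rpl_demo_settings[title]"
                   value="<?php echo esc_attr( $opts['title'] ); ?>">
            <label for="rpl-count">Number of posts</label>
            <input id="rpl-count" type="number" name="rpl_demo_settings[count]"
                   value="<?php echo esc_attr( $opts['count'] ); ?>" min="1" max="20">
            <?php submit_button(); ?>
        </form>
    </div>
    <?php
}

/**
 * Output side (front end): the same setting rendered for site visitors,
 * which is where a stored value would otherwise execute for every reader.
 */
function rpl_demo_heading_html() {
    $opts = rpl_demo_get_settings();
    return '<h3 class="rpl-heading">' . esc_html( $opts['title'] ) . '</h3>';
}
```

Because `sanitize_callback` runs on every save independent of the saving user's capabilities, the stored value stays clean on multi-site and hardened installs where unfiltered_html has been restricted, which is exactly the environment the advisory identifies as affected. Escaping on output is kept as a second layer so that a value written to the option by some other path is still rendered harmlessly.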

    Available Fixes

    Last Updated: 10/19/2025
    Jedar

    Jedar for Digital Rights is a non-profit organization dedicated to protecting digital freedoms, enhancing online privacy, and promoting secure digital practices for vulnerable communities worldwide.
