CVE-2025-22360
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in promact WP Azure offload wp-azure-offload allows Reflected XSS.This issue affects WP Azure offload: from n/a through <= 2.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS vulnerability in WP Azure offload plugin (<=2.0) allows attackers to inject malicious scripts via crafted requests, requiring user interaction.
The WP Azure offload plugin for WordPress is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability due to improper neutralization of user-supplied input during web page generation. This affects all versions up to and including 2.0 [1].
Exploitation requires an attacker to craft a malicious link or request that, when clicked or submitted by a privileged user (such as an administrator), causes the injected script to execute in the context of the victim's browser. User interaction is a necessary prerequisite for successful exploitation [1].
Successful exploitation allows an attacker to inject arbitrary HTML and JavaScript payloads, which can be used to perform actions such as redirecting visitors to malicious sites, displaying advertisements, or stealing sensitive information. The vulnerability is considered moderately dangerous and is expected to be used in mass-exploit campaigns targeting thousands of websites [1].
As a mitigation, users are advised to update the plugin to a patched version as soon as it becomes available. In the interim, Patchstack has issued a virtual mitigation rule that blocks attacks until an official patch can be applied [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <= 2.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.