Lucene search
+L

26 matches found

EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43283

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the fina...

6.1CVSS6.2AI score0.00149EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-10551

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the fina...

6.1CVSS0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-10551 Breeze Cache < 2.5.6 - Unauthenticated Stored XSS via Minify Library

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the fina...

0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-10551

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the fina...

6.2AI score0.00149EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-10551

The Breeze Cache WordPress plugin (before version 2.5.6) is vulnerable to unauthenticated Stored XSS due to a predictable replacement hash in the HTML minification process and a related regex misusage. An attacker can inject arbitrary HTML attributes into the final HTML by predicting the placehol...

6.1CVSS6.2AI score0.00149EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/06 8:37 a.m.78 views

Exploit for CVE-2026-3844

CVE-2026-3844 – Breeze Cache WordPress Plugin Unauthenticated...

9.8CVSS6.1AI score0.36512EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.21 views

CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS6.7AI score0.36512EPSS
Exploits8References1
Cvelist
Cvelist
added 2026/05/29 3:39 a.m.40 views

CVE-2026-2128 Breeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor via Crafted Login Cookie

The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...

5.3CVSS0.00273EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/29 3:39 a.m.16 views

CVE-2026-2128 Breeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor via Crafted Login Cookie

The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References7
CVE
CVE
added 2026/05/29 3:39 a.m.38 views

CVE-2026-2128

The Breeze WordPress Cache plugin (versions up to 2.5.2) is vulnerable due to improper verification of the wordpress_logged_in_ cookie in inc/cache/execute-cache.php when Cache Logged-in Users is enabled. An unauthenticated attacker can present a crafted cookie (e.g., wordpress_logged_in_fake=adm...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/05/28 2:55 p.m.14 views

WordPress Breeze Cache plugin <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Breeze versions = 2.5.2...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/05/08 1:7 p.m.166 views

Exploit for CVE-2026-3844

CVE-2026-3844 — Breeze Cache Unauthenticated Arbitrary File Up...

9.8CVSS6.5AI score0.36512EPSS
Exploits8
Wordfence Blog
Wordfence Blog
added 2026/05/05 6:4 p.m.10 views

Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin

On April 22nd, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Breeze Cache, a WordPress plugin with an estimated 400,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP backdoors, and...

9.8CVSS6.8AI score0.36512EPSS
Exploits8
GithubExploit
GithubExploit
added 2026/04/30 11:4 a.m.111 views

Exploit for CVE-2026-3844

CVE-2026-3844 — Breeze Cache RCE Unauthenticated Arbitrary...

9.8CVSS6.5AI score0.36512EPSS
Exploits8
GithubExploit
GithubExploit
added 2026/04/24 10:15 a.m.143 views

Exploit for CVE-2026-3844

CVE-2026-3844 Breeze Cache ≤ 2.4.4 - Unauthenticated Arbitrary...

9.8CVSS6.1AI score0.36512EPSS
Exploits8
GithubExploit
GithubExploit
added 2026/04/24 2:52 a.m.230 views

Exploit for CVE-2026-3844

CVE-2026-3844 Mass Exploit CVE-2026-3844 – Breeze Cache Word...

9.8CVSS5.8AI score0.36512EPSS
Exploits8
Patchstack
Patchstack
added 2026/04/23 8:41 a.m.10 views

WordPress Breeze Cache plugin <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote vulnerability

Unauthenticated Arbitrary File Upload via fetchgravatarfromremote vulnerability discovered by Hung Nguyen bashu - VN in WordPress Plugin Breeze versions = 2.4.4...

9.8CVSS5.8AI score0.36512EPSS
Exploits8References1Affected Software1
EUVD
EUVD
added 2026/04/23 4:0 a.m.10 views

EUVD-2026-25174

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS6.6AI score0.36512EPSS
Exploits8References5
NVD
NVD
added 2026/04/23 3:16 a.m.6 views

CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS0.36512EPSS
Exploits8References4
Vulnrichment
Vulnrichment
added 2026/04/23 2:25 a.m.20 views

CVE-2026-3844 Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS6.6AI score0.36512EPSS
Exploits8References4
Rows per page
Query Builder