9 matches found
CVE-2026-10551
The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the fina...
CVE-2026-10551
The Breeze Cache WordPress plugin (before version 2.5.6) is vulnerable to unauthenticated Stored XSS due to a predictable replacement hash in the HTML minification process and a related regex misusage. An attacker can inject arbitrary HTML attributes into the final HTML by predicting the placehol...
CVE-2026-3844
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
WordPress Breeze Cache plugin <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Breeze versions = 2.5.2...
WordPress Breeze Cache plugin <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote vulnerability
Unauthenticated Arbitrary File Upload via fetchgravatarfromremote vulnerability discovered by Hung Nguyen bashu - VN in WordPress Plugin Breeze versions = 2.4.4...
CVE-2026-3844
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2026-3844 Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2026-3844
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
PT-2026-34629
Name of the Vulnerable Software and Affected Versions Breeze Cache versions prior to 2.4.5 Description The Breeze Cache plugin for WordPress contains an arbitrary file upload flaw that allows unauthenticated attackers to upload malicious files, such as PHP backdoors, potentially leading to remote...