Lucene search
K

110 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-10551

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the fina...

6.1CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-10551

The Breeze Cache WordPress plugin (before version 2.5.6) is vulnerable to unauthenticated Stored XSS due to a predictable replacement hash in the HTML minification process and a related regex misusage. An attacker can inject arbitrary HTML attributes into the final HTML by predicting the placehol...

6.1CVSS6.2AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 8:17 p.m.7 views

CVE-2026-14265

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a...

8.8CVSS0.00416EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 9:50 a.m.15 views

CVE-2026-39595

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-39595 for W3 Total Cache plugin

4.7CVSS5.1AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 7:24 a.m.12 views

MAL-2026-5604 Malicious code in cache-section-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cad3d2732831e4b798073aff289abd1abdbb718b4caa9e4f970a0dd3f7733653 package.json declares a postinstall hook node -e "require'./loader.js'" that runs automatically on every npm install. loader.js hex-decodes the strin...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:24 a.m.27 views

Malicious code in cache-section-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cad3d2732831e4b798073aff289abd1abdbb718b4caa9e4f970a0dd3f7733653 package.json declares a postinstall hook node -e "require'./loader.js'" that runs automatically on every npm install. loader.js hex-decodes the strin...

5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-3220

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

8.8CVSS5.6AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.20 views

CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS6.7AI score0.36512EPSS
Exploits8References1
Patchstack
Patchstack
added 2026/05/28 2:55 p.m.14 views

WordPress Breeze Cache plugin <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Breeze versions = 2.5.2...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/18 7:16 a.m.29 views

CVE-2026-3220

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

8.8CVSS0.0032EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 6:0 a.m.11 views

CVE-2026-3220

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 6:0 a.m.10 views

CVE-2026-3220 Multiple Plugins - Unauthenticated Stored XSS via Minify Library

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

5.9AI score0.0032EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 6:0 a.m.12 views

EUVD-2026-30736

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 6:0 a.m.43 views

CVE-2026-3220

CVE-2026-3220 affects three WordPress plugins: Autoptimize (before 3.1.15), Clearfy Cache (before 2.4.2), and Speed Optimizer (before 7.7.9). The issue is unauthenticated Stored XSS caused by a predictable replacement hash used during HTML minification and an abused regular expression, allowing a...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/23 8:41 a.m.9 views

WordPress Breeze Cache plugin <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote vulnerability

Unauthenticated Arbitrary File Upload via fetchgravatarfromremote vulnerability discovered by Hung Nguyen bashu - VN in WordPress Plugin Breeze versions = 2.4.4...

9.8CVSS5.8AI score0.36512EPSS
Exploits8References1Affected Software1
NVD
NVD
added 2026/04/23 3:16 a.m.6 views

CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS0.36512EPSS
Exploits8References4
Cvelist
Cvelist
added 2026/04/23 2:25 a.m.42 views

CVE-2026-3844 Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS0.36512EPSS
Exploits8References4
ATTACKERKB
ATTACKERKB
added 2026/04/23 2:25 a.m.7 views

CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS6.6AI score0.36512EPSS
Exploits8References5
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.6 views

PT-2026-34629

Name of the Vulnerable Software and Affected Versions Breeze Cache versions prior to 2.4.5 Description The Breeze Cache plugin for WordPress contains an arbitrary file upload flaw that allows unauthenticated attackers to upload malicious files, such as PHP backdoors, potentially leading to remote...

9.8CVSS6.8AI score0.36512EPSS
Exploits8References48
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.29 views

CVE-2026-25347 WordPress WP REST Cache plugin <= 2026.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Acato WP REST Cache wp-rest-cache allows Stored XSS.This issue affects WP REST Cache: from n/a through = 2026.1.0...

7.1CVSS0.00175EPSS
Exploits0References1
Rows per page
Query Builder