2 matches found
CVE-2026-3844 Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
PT-2026-34629
Name of the Vulnerable Software and Affected Versions Breeze Cache versions prior to 2.4.5 Description The Breeze Cache plugin for WordPress contains an arbitrary file upload flaw that allows unauthenticated attackers to upload malicious files, such as PHP backdoors, potentially leading to remote...