CVE-2026-2128

The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...

Exploit for CVE-2026-3844

CVE-2026-3844 PoC exploit for CVE-2026-3844, a critical unauth...

VulnCheck KEV: CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

WordPress Breeze plugin <= 2.2.21 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Breeze versions = 2.2.21...

CVE-2025-69364

The CVE-2025-69364 entry concerns WordPress Breeze plugin (≤ 2.2.21). A Missing/ Broken Authorization issue arises from incorrectly configured access control in Breeze, exposing unauthorized access. Affects Breeze versions through 2.2.21; CVSSv3.1 base score 5.3 (Network, Low confidentiality impa...

CVE-2025-69364 WordPress Breeze plugin <= 2.2.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through = 2.2.21...

CVE-2025-69364 WordPress Breeze plugin <= 2.2.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through = 2.2.21...

WordPress plugin Breeze 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress Breeze Checkout Plugin Missing Authorization Vulnerability

WordPress Breeze Checkout Plugin is a free and open source caching plugin developed by Cloudways, mainly used to optimize the loading speed and performance of WordPress websites. WordPress Breeze Checkout Plugin suffers from a lack of authorization vulnerability that stems from a lack of...

CVE-2025-49961 WordPress Breeze Checkout plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze Checkout: from n/a through = 1.4.0...

Wordpress Plugin Breeze Checkout 安全漏洞

WordPress Breeze Checkout Plugin is a free and open source caching plugin developed by Cloudways, mainly used to optimize the loading speed and performance of WordPress websites. WordPress Breeze Checkout Plugin suffers from a lack of authorization vulnerability that stems from a lack of...

CVE-2025-23999 WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through = 2.2.13...

CVE-2025-23999

CVE-2025-23999 is a Missing Authorization / Broken Access Control vulnerability impacting the Breeze WordPress Cache Plugin (WordPress Breeze). Public sources confirm the affected range as Breeze versions up to and including 2.2.13. The underlying issue is an access-control misconfiguration that ...

WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by domiee13 Patchstack Alliance in WordPress Plugin Breeze versions = 2.2.13...

WordPress plugin Breeze 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Breeze Display plugin <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via cal_size Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via calsize Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Breeze Display versions = 1.2.3...

WordPress Breeze Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Breeze Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27188 Patch priority Low CVSS severity Low 5.9 Developer Cloudways PSID ea09c0200c6b Credits Jorge Diaz ddiax Required privilege Administrator...

CVE-2022-29444 WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability

Plugin Settings Change leading to Cross-Site Scripting XSS vulnerability in Cloudways Breeze plugin = 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wpajax actions in the class BreezeConfiguration which includes the ability to change any of the plugin'...