CVE-2026-3844
published 2026-04-23CVE-2026-3844: The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function…
PriorityP191critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEVInitial access
Exploited in the wild
EPSS
36.51%
98.3th percentile
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudways | breeze_cache | <= 2.4.4 | — |
Detection & IOCsextracted from sources · hover to see the quote
bytes
4b0a00483046022100d6181b98a44314a77b530807dca8fe9439ec6eeccda2feab0f3a78c0dfd97314022100e5d5b0f03b221a6efbb5c551b6610a398981e2777d00af752fa180087b45d8d7:922c64590222798bb761d5b6d8e72950
- →Unauthenticated requests triggering file uploads should be flagged; exploitation requires no authentication, so any file upload activity via the Breeze Cache gravatar endpoint from unauthenticated sessions is suspicious. ↗
- →Wordfence has already blocked more than 170 exploitation attempts — review Wordfence logs for CVE-2026-3844 triggered rules as a detection signal. ↗
- ·Exploitation is only possible when the 'Host Files Locally - Gravatars' option is enabled; this feature is disabled by default, significantly limiting the attack surface. ↗
- ·All Breeze Cache versions up to and including 2.4.4 are affected; version 2.4.5 contains the fix. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c529-q7mw-hq6j: The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote'
ghsa_unreviewed·2026-04-23
CVE-2026-3844 [CRITICAL] CWE-434 GHSA-c529-q7mw-hq6j: The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote'
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.
VulnCheck
Unrestricted Upload of File with Dangerous Type
vulncheck·2026·CVSS 9.8
CVE-2026-3844 [CRITICAL] Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.
Affected: Cloudways Breeze Cache
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-intel/vulnerabilities/w
No detection rules found.
Nuclei
Breeze <= 2.4.4 - Arbitrary File Upload
nuclei·CVSS 9.8
CVE-2026-3844 [CRITICAL] Breeze <= 2.4.4 - Arbitrary File Upload
Breeze ")'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100d6181b98a44314a77b530807dca8fe9439ec6eeccda2feab0f3a78c0dfd97314022100e5d5b0f03b221a6efbb5c551b6610a398981e2777d00af752fa180087b45d8d7:922c64590222798bb761d5b6d8e72950
Hackernews
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
blogs_hackernews·2026-04-24·CVSS 7.5
CVE-2026-33626 [HIGH] LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy , an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure.
The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data.
"A server-side request forgery (SSRF) vulnerability exists in LMDeploy's vision-language module," according to an advisory published by the project maintainers last week. "The lo
Bleepingcomputer
Hackers exploit file upload bug in Breeze Cache WordPress plugin
blogs_bleepingcomputer·2026-04-23·CVSS 9.8
CVE-2026-3844 [CRITICAL] Hackers exploit file upload bug in Breeze Cache WordPress plugin
## Hackers exploit file upload bug in Breeze Cache WordPress plugin
## Bill Toulas
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication.
The security issue is tracked as CVE-2026-3844 and has been leveraged in more than 170 exploitation attempts by the Wordfence security solution for the WordPress ecosystem.
The Breeze Cache WordPress caching plugin from Cloudways has more than 400,000 active installations and is designed to improve performance and loading speed by reducing page load frequency through caching, file optimization, and database cleanup.
The vulnerability received a critical severity score of 9.8 out of 10 and was discovered and reported by security rese
https://plugins.trac.wordpress.org/browser/breeze/tags/2.4.1/inc/class-breeze-cache-cronjobs.php#L119https://plugins.trac.wordpress.org/browser/breeze/tags/2.4.1/inc/class-breeze-cache-cronjobs.php#L89https://plugins.trac.wordpress.org/changeset/3511463/breezehttps://www.wordfence.com/threat-intel/vulnerabilities/id/e342b1c0-6e7f-4e2c-8a52-018df12c12a0?source=cve
2026-04-23
Published
Exploited in the wild