cbcvebase.

Cloudways Breeze Cache vulnerabilities

3 known vulnerabilities affecting cloudways/breeze_cache.

Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2026-3844P1CRITICALCVSS 9.8ExploitedPoC≤ 2.4.42026-04-23
CVE-2026-3844 [CRITICAL] CWE-434 CVE-2026-3844: The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file ty The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution p
nvd
CVE-2025-13864P4MEDIUMCVSS 5.3≤ 2.2.212026-02-19
CVE-2025-13864 [MEDIUM] CWE-862 CVE-2025-13864: The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearin The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint `/wp-json/breeze/v1/clear-all-cache` being registered with `permission_callback => '__return_true'` and authentication being disabled by default when the API is enabl
nvd
CVE-2026-2128P4MEDIUMCVSS 5.3≤ 2.5.22026-05-29
CVE-2026-2128 [MEDIUM] CWE-200 CVE-2026-2128: The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorize The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the `wordpress_logged_in_` cookie in the `inc/cache/execute-cache.php` file when the "Cache Logged-in Users" setting is enabled. The plugin parses the username d
nvd
Cloudways Breeze Cache vulnerabilities | cvebase