Cloudways Breeze Cache vulnerabilities
3 known vulnerabilities affecting cloudways/breeze_cache.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-3844P1CRITICALCVSS 9.8ExploitedPoC≤ 2.4.42026-04-23
CVE-2026-3844 [CRITICAL] CWE-434 CVE-2026-3844: The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file ty
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution p
nvd
CVE-2025-13864P4MEDIUMCVSS 5.3≤ 2.2.212026-02-19
CVE-2025-13864 [MEDIUM] CWE-862 CVE-2025-13864: The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearin
The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint `/wp-json/breeze/v1/clear-all-cache` being registered with `permission_callback => '__return_true'` and authentication being disabled by default when the API is enabl
nvd
CVE-2026-2128P4MEDIUMCVSS 5.3≤ 2.5.22026-05-29
CVE-2026-2128 [MEDIUM] CWE-200 CVE-2026-2128: The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorize
The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the `wordpress_logged_in_` cookie in the `inc/cache/execute-cache.php` file when the "Cache Logged-in Users" setting is enabled. The plugin parses the username d
nvd