VulnerabilityBleeping Computer
9.8 — CRITICAL
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
Hackers are exploiting a critical vulnerability in the Breeze Cache WordPress plugin, allowing arbitrary file uploads without authentication, which can lead to remote code execution and website takeover.
⚙️Technical Details
CVEs
CVE-2026-3844
Affected Systems
Breeze Cache WordPress caching plugin from Cloudways
Attack Vectors
NETWORK
💥Impact Assessment
Severity: critical
Who Is at Risk
Website owners/admins who rely on Breeze Cache to boost performance
🛡️Recommended Actions
1Upgrade to the latest version of the plugin (version 2.4.5) as soon as possible
2Temporarily disable the 'Host Files Locally - Gravatars' add-on if upgrading is not currently possible
3Disable Breeze Cache caching plugin altogether until a patch is available
📦Affected Products
Breeze Cache WordPress caching plugin from Cloudways
🔐NVD Verified DataVERIFIED
CVE-2026-3844 ↗CVSS 9.8 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWeaknesses
CWE-434
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.