Unrated severityNVD Advisory· Published May 2, 2022· Updated Apr 28, 2026
WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability
CVE-2022-29444
Description
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack.
Affected products
1- Range: <= 2.0.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- patchstack.com/database/vulnerability/breeze/wordpress-breeze-plugin-2-0-2-plugin-settings-change-leading-to-cross-site-scripting-xss-vulnerabilitymitrex_refsource_CONFIRM
- wordpress.org/plugins/breeze/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.