Attackers Actively Exploiting Critical Vulnerability in Breeze Cache WordPress Plugin
A critical Arbitrary File Upload vulnerability in the Breeze Cache WordPress plugin is being actively exploited, allowing for remote code execution.
Attackers are actively exploiting a critical vulnerability in the Breeze Cache WordPress plugin, which has an estimated 400,000 active installations. The vulnerability, an Arbitrary File Upload flaw, allows unauthenticated attackers to upload malicious files, including PHP backdoors, leading to remote code execution (RCE).
The vulnerability was publicly disclosed by Wordfence on April 22nd, 2026, and the vendor released a fully patched version on April 21st, 2026. Exploitation attempts began on the same day the vulnerability was disclosed, with the Wordfence Firewall blocking over 30,000 exploit attempts. This indicates a high level of malicious activity targeting websites using the vulnerable plugin.
Users of the Breeze Cache plugin are strongly urged to update to the latest version immediately to protect their websites from compromise. The active exploitation highlights the critical need for prompt patching of known vulnerabilities in popular plugins.