VYPR
patchPublished May 5, 2026· Updated May 17, 2026· 1 source

Critical Vulnerability in Breeze Cache Plugin Under Active Exploitation

A critical arbitrary file upload vulnerability in the Breeze Cache WordPress plugin is being actively exploited, allowing unauthenticated attackers to achieve remote code execution.

A critical security vulnerability in the Breeze Cache WordPress plugin is currently being exploited by attackers to gain remote code execution on affected websites. The flaw, identified as CVE-2026-3844, carries a CVSS score of 9.8 and impacts all versions of the plugin up to and including 2.4.4 Wordfence.

The vulnerability stems from an arbitrary file upload flaw located within the fetch_gravatar_from_remote function. Because the plugin lacks proper file type validation, unauthenticated attackers can upload malicious files—including PHP backdoors—directly to the server Wordfence. This exploit path is only accessible if the "Host Files Locally - Gravatars" setting is enabled, a feature that is disabled by default but remains a significant risk for those who have activated it Wordfence.

The impact of this vulnerability is widespread, as Breeze Cache is installed on approximately 400,000 WordPress sites Wordfence. According to Wordfence, active exploitation began on April 22, 2026, the same day the vulnerability was publicly disclosed in their intelligence database. The security firm has reported blocking over 30,000 individual exploit attempts targeting the flaw Wordfence.

The vendor released a patch in version 2.4.5 on April 21, 2026, to address the issue Wordfence. Users of the Wordfence firewall were provided with protection against these exploits in stages: premium, care, and response users received a firewall rule on March 10, 2026, while users of the free version received the same protection on April 10, 2026 Wordfence. Despite these mitigations, administrators are strongly urged to update their installations to version 2.4.5 immediately to ensure full remediation Wordfence.

This incident highlights the ongoing risks associated with WordPress plugin vulnerabilities, particularly those that allow for unauthenticated remote code execution. As attackers continue to target widely used plugins, the rapid deployment of security patches remains the most effective defense against unauthorized server access and potential site compromise Wordfence.

Synthesized by Vypr AI
Critical Vulnerability in Breeze Cache Plugin Under Active Exploitation · VYPR