Hackers Take Advantage of File Upload Vulnerability in Breeze Cache Plugin for WordPress


Critical Vulnerability Discovered in Breeze Cache Plugin for WordPress

Hackers are currently exploiting a serious vulnerability in the Breeze Cache plugin for WordPress that lets them upload files to the server without any authentication.

The flaw, tracked as CVE-2026-3844, has already drawn over 170 exploitation attempts, according to Wordfence, the security firm that monitors the WordPress ecosystem.

The Breeze Cache plugin, developed by Cloudways, has over 400,000 active installations. It is designed to improve website performance and loading speed through caching, file optimization, and database maintenance.

This vulnerability has garnered a critical severity score of 9.8 out of a possible 10. It was unearthed and reported by security researcher Hung Nguyen (also known as Bashu).

Investigators from the WordPress security firm Defiant, the creators of Wordfence, indicate that the issue arises from a lack of file-type validation within the ‘fetch_gravatar_from_remote’ function.

This deficiency permits an unauthenticated intruder to upload arbitrary files to the server, potentially culminating in remote code execution (RCE) and total website compromise.
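The defect described above, accepting whatever a remote fetch returns and writing it into a web-served directory without checking what it is, is a general pattern rather than something specific to this plugin. The block below is an added illustration, not Breeze Cache's code and not a reconstruction of fetch_gravatar_from_remote: it contrasts a naive "keep the remote filename" approach with a hardened one that derives the on-disk name from a hash of the URL and the extension from the file's own magic bytes, and rejects anything whose declared Content-Type disagrees with its content. The function names, the size limit and the constructed PNG sample are assumptions chosen for the example; the same checks would be written in PHP inside a real plugin.

```python
import hashlib
from typing import Optional
from urllib.parse import urlparse

# Allowlist of image types a "host gravatars locally" feature actually needs.
# Keyed by file signature so the type comes from the bytes, not from the
# URL or the Content-Type header, both of which the remote side controls.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
EXPECTED_CONTENT_TYPE = {"png": "image/png", "jpg": "image/jpeg", "gif": "image/gif"}
MAX_BYTES = 512 * 1024  # assumed upper bound for an avatar; constructed for the example

# Constructed sample: only the 8-byte PNG signature plus padding, enough to
# exercise the sniffer (it is not a complete, decodable PNG image).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def unsafe_avatar_name(remote_url: str) -> str:
    """The weak pattern: trust the last path segment of the remote URL.

    Whatever extension the remote side chose ends up on disk, so a non-image
    served under a .php name would be stored as executable code.
    """
    return urlparse(remote_url).path.rsplit("/", 1)[-1]


def sniff_image_type(body: bytes) -> Optional[str]:
    """Return 'png', 'jpg' or 'gif' based on leading magic bytes, else None."""
    for magic, ext in MAGIC.items():
        if body.startswith(magic):
            return ext
    return None


def local_avatar_name(remote_url: str, content_type: str, body: bytes) -> Optional[str]:
    """Hardened pattern: return a safe local filename, or None to reject the download.

    - Size is bounded before any parsing.
    - Extension comes from the sniffed content, never from the URL.
    - Declared Content-Type must match the sniffed type; a mismatch is rejected.
    - The base name is a SHA-256 of the URL, so no attacker-chosen path text
      (including traversal sequences or dotted extensions) reaches the filesystem.
    """
    if not body or len(body) > MAX_BYTES:
        return None
    ext = sniff_image_type(body)
    if ext is None:
        return None
    declared = content_type.split(";", 1)[0].strip().lower()
    if declared != EXPECTED_CONTENT_TYPE[ext]:
        return None
    digest = hashlib.sha256(remote_url.encode("utf-8")).hexdigest()
    return f"{digest}.{ext}"


if __name__ == "__main__":
    url = "https://example.invalid/avatar/not-an-image.php"  # constructed URL
    print("naive name:   ", unsafe_avatar_name(url))
    print("hardened name:", local_avatar_name(url, "image/png", b"not an image"))
    print("hardened name:", local_avatar_name(url, "image/png", PNG_SAMPLE))
```

The last two calls show the difference that matters: a non-image body is rejected outright, and a genuine PNG fetched from a URL ending in `.php` is still stored with a `.png` extension under a hashed name, because nothing from the remote path influences what is written.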

However, successful exploitation hinges on the activation of the “Host Files Locally – Gravatars” add-on, which is not enabled by default, as the researchers have pointed out.

CVE-2026-3844 affects all Breeze Cache versions up to and including 2.4.4. Cloudways fixed the flaw in version 2.4.5, released earlier this week.

Current statistics from WordPress.org reveal that the plugin has seen approximately 138,000 downloads since the latest version debuted.

The extent of vulnerability among websites remains uncertain due to the absence of data regarding the number of installations with the “Host Files Locally – Gravatars” feature enabled.


Given the ongoing exploitation, website owners and administrators who rely on Breeze Cache are strongly urged to upgrade to the latest version of the plugin as soon as possible or, as a temporary measure, to disable it.

If immediate upgrading is unfeasible, administrators should at least deactivate the “Host Files Locally – Gravatars” option.

Source link: Bleepingcomputer.com.

Disclosure: This article is for general information only and is based on publicly available sources. We aim for accuracy but can't guarantee it. The views expressed are the author's and may not reflect those of the publication. Some content was created with help from AI and reviewed by a human for clarity and accuracy. We value transparency and encourage readers to verify important details. This article may include affiliate links. If you buy something through them, we may earn a small commission — at no extra cost to you. All information is carefully selected and reviewed to ensure it's helpful and trustworthy.

Reported By

Souvik Banerjee

I’m Souvik Banerjee from Kolkata, India. As a Marketing Manager at RS Web Solutions (RSWEBSOLS), I specialize in digital marketing, SEO, programming, web development, and eCommerce strategies. I also write tutorials and tech articles that help professionals better understand web technologies.