PT-2026-20609 · WordPress · Breeze - WordPress Cache Plugin

Nosleep · Published 2026-02-19 · Updated 2026-02-23 · CVE-2025-13864

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Breeze - WordPress Cache Plugin versions through 2.2.21

Description: The Breeze - WordPress Cache Plugin is affected by an issue allowing unauthorized cache clearing. The REST API endpoint /wp-json/breeze/v1/clear-all-cache is registered without a proper permission check ('permission_callback' => '__return_true'), and authentication is disabled by default when the API is enabled. This allows unauthenticated attackers to clear all site caches (page cache, Varnish, and Cloudflare) by sending a POST request to the API endpoint, provided the administrator has enabled the API integration feature.

Recommendations: Versions prior to 2.2.21 should be updated.
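
To check whether a site has already received such requests, the following added example (not code from the advisory or the plugin) scans web server access logs for POST requests to the endpoint named above, including the plain-permalink `?rest_route=` form that WordPress also accepts. The log lines are constructed samples in combined log format, and treating a 2xx status as an accepted clear is an assumption.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

ROUTE = "/breeze/v1/clear-all-cache"  # route named in the advisory
# Combined/common log format prefix: ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Feb/2026:10:01:02 +0000] "POST /wp-json/breeze/v1/clear-all-cache HTTP/1.1" 200 45 "-" "curl/8.5.0"',
    '203.0.113.7 - - [20/Feb/2026:10:01:32 +0000] "POST /index.php?rest_route=%2Fbreeze%2Fv1%2Fclear-all-cache HTTP/1.1" 200 45 "-" "curl/8.5.0"',
    '198.51.100.9 - - [20/Feb/2026:10:05:00 +0000] "POST /wp-json/breeze/v1/clear-all-cache/ HTTP/1.1" 401 120 "-" "-"',
    '198.51.100.20 - - [20/Feb/2026:10:06:00 +0000] "GET /wp-json/breeze/v1/clear-all-cache HTTP/1.1" 404 98 "-" "-"',
    '192.0.2.15 - - [20/Feb/2026:10:07:00 +0000] "POST /wp-json/wp/v2/comments HTTP/1.1" 201 512 "-" "Mozilla/5.0"',
]

def rest_route(target):
    """Return the WordPress REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = re.sub(r"/+", "/", unquote(parts.path))
    if "/wp-json/" in path:
        route = "/" + path.split("/wp-json/", 1)[1]
    else:
        # Plain-permalink form: /index.php?rest_route=/namespace/route
        values = parse_qs(parts.query).get("rest_route")
        if not values:
            return None
        route = values[0]
    # Collapse duplicate slashes, drop a trailing slash, ignore case.
    return re.sub(r"/+", "/", route).rstrip("/").lower()

def find_cache_clear_requests(lines):
    """List POST requests that address the Breeze clear-all-cache route."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or rest_route(m["target"]) != ROUTE:
            continue
        status = int(m["status"])
        # Assumption: a 2xx status means the clear was carried out.
        hits.append({"ip": m["ip"], "time": m["ts"], "status": status,
                     "accepted": 200 <= status < 300})
    return hits

def accepted_by_ip(hits):
    """Count accepted cache clears per client address."""
    return Counter(h["ip"] for h in hits if h["accepted"])
```

Accepted requests from addresses that are not the site's own automation or CDN integration are the ones worth reviewing.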

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers: CVE-2025-13864

Affected Products: Breeze - WordPress Cache Plugin