PT-2026-34629 · WordPress · Breeze Cache
Hung Nguyen
·
Published
2026-04-23
·
Updated
2026-06-25
·
CVE-2026-3844
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Breeze Cache versions prior to 2.4.5
Description
The Breeze Cache plugin for WordPress contains an arbitrary file upload flaw that allows unauthenticated attackers to upload malicious files, such as PHP backdoors, potentially leading to remote code execution and full site compromise. The issue is caused by missing file type validation and an incorrect regular expression in the
fetch gravatar from remote() function, which allows URLs to be extracted from the alt attribute of image tags instead of just the src attribute. Attackers can exploit this by placing a malicious URL in the author name field of a comment. This vulnerability affects approximately 400,000 active installations and has been actively exploited in the wild, with over 30,000 attempts blocked by security firewalls. Exploitation is only possible if the "Host Files Locally - Gravatars" setting is enabled, which is disabled by default.Recommendations
Update to version 2.4.5 or later.
Disable the "Host Files Locally - Gravatars" setting if not in use.
Scan the
/wp-content/cache/breeze-extra/gravatars/ directory for unknown PHP files.
Monitor for suspicious administrator accounts, specifically those following the randomhex@wordpress.org email pattern.Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Breeze Cache