PT-2022-19618 · Cloudways · Cloudways Breeze

Dave Jong

·

Published

2022-05-02

·

Updated

2022-05-09

·

CVE-2022-29444

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Cloudways Breeze plugin versions <= 2.0.2
Description: The issue allows any authenticated user, with a subscriber or higher role, to execute any of the wp_ajax_* actions in the class Breeze_Configuration. WordPress dispatches wp_ajax_* actions for every logged-in user, so the handler itself has to enforce authorization; here it does not enforce a sufficient capability check. This lets a low-privileged user change any of the plugin's settings, including the CDN setting, which could be further used for a Cross-Site Scripting (XSS) attack, since the configured CDN host is written into asset URLs emitted into site pages.
Recommendations: For Cloudways Breeze plugin versions <= 2.0.2, update to a version higher than 2.0.2 to resolve the issue. If updating is not immediately possible, as a temporary workaround restrict who can reach the Breeze_Configuration wp_ajax_* actions: enforce an administrative capability check (for example current_user_can( 'manage_options' )) and a nonce check in those handlers, and limit or disable self-registration of subscriber accounts on sites that do not need it. After updating, verify that the plugin's CDN setting still points to the host you expect, since an attacker who exploited the issue would have changed it.
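The following is an added illustration of the bug class the advisory describes, written for this page; it is not Breeze's code and does not reproduce the plugin's handlers. It shows a minimal WordPress-style AJAX handler for a "CDN URL" setting in the broken-access-control shape (reachable by any logged-in user, no capability check, no nonce, value stored verbatim) next to a hardened version. All names prefixed example_ and the option key example_cdn_url are hypothetical; the WordPress functions used (add_action, check_ajax_referer, current_user_can, esc_url_raw, wp_http_validate_url, update_option, get_option, wp_send_json_error, wp_send_json_success, esc_url) are real core APIs.

```php
<?php
/*
 * Added example (not Breeze's code). The hook wp_ajax_{action} fires for
 * *any* authenticated user who POSTs action={action} to
 * /wp-admin/admin-ajax.php, subscribers included. Authorization therefore
 * has to live inside the handler; the hook itself provides none.
 */

// --- Vulnerable shape: matches the advisory's "subscriber or higher" --------
function example_save_cdn_vulnerable() {
    // No nonce: any page the user visits can trigger this (CSRF).
    // No capability check: a subscriber account is enough.
    $cdn_url = isset( $_POST['cdn_url'] ) ? $_POST['cdn_url'] : '';
    // Stored verbatim; if the value is later emitted into markup unescaped,
    // this becomes a stored XSS sink reachable from a low-privilege account.
    update_option( 'example_cdn_url', $cdn_url );
    wp_send_json_success( array( 'cdn_url' => $cdn_url ) );
}
// add_action( 'wp_ajax_example_save_cdn', 'example_save_cdn_vulnerable' );

// --- Hardened shape ----------------------------------------------------------
function example_save_cdn_hardened() {
    // 1. Intent: the request must carry a nonce issued for this exact action.
    //    The settings page creates it with wp_create_nonce( 'example_save_cdn' )
    //    and the browser sends it in the POST field "nonce". Dies on failure.
    check_ajax_referer( 'example_save_cdn', 'nonce' );

    // 2. Authorization: being logged in is not enough. Changing plugin
    //    settings is an administrative action, so require manage_options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 ); // wp_send_json_* exits
    }

    // 3. Validation: a CDN endpoint is an http(s) URL and nothing else.
    //    esc_url_raw() with an explicit protocol list rejects javascript:
    //    and data: schemes; wp_http_validate_url() rejects malformed hosts.
    $raw     = isset( $_POST['cdn_url'] ) ? wp_unslash( $_POST['cdn_url'] ) : '';
    $cdn_url = esc_url_raw( $raw, array( 'http', 'https' ) );
    if ( '' === $cdn_url || ! wp_http_validate_url( $cdn_url ) ) {
        wp_send_json_error( 'invalid CDN URL', 400 );
    }

    update_option( 'example_cdn_url', $cdn_url );
    wp_send_json_success( array( 'cdn_url' => $cdn_url ) );
}
add_action( 'wp_ajax_example_save_cdn', 'example_save_cdn_hardened' );

// --- Output side: the stored value is still untrusted at render time -------
function example_render_cdn_script_tag() {
    $cdn = get_option( 'example_cdn_url', '' );
    if ( '' !== $cdn ) {
        // Escape for the attribute context even though input was validated;
        // defence in depth against a value written by some other code path.
        printf( '<script src="%s"></script>', esc_url( $cdn . '/assets/app.js' ) );
    }
}
```

The two checks do different jobs and both are needed: check_ajax_referer() stops a forged cross-site request from an administrator's browser, while current_user_can() stops a genuinely logged-in low-privilege user, which is the case this advisory is about. Validation of the URL on the way in and escaping on the way out close the XSS path that the CDN setting otherwise opens.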

Fix

XSS


Related Identifiers

CVE-2022-29444

Affected Products

Cloudways Breeze