Ethical Hacking News
Over 400,000 WordPress sites are at risk due to a critical flaw in the Breeze Cache plugin, which can allow hackers to upload arbitrary files without authentication. The vulnerability has already been exploited by over 170 attackers and is considered severe enough to score 9.8 on the Common Vulnerability Scoring System (CVSS). It's essential for users to update their plugins immediately or disable them until the patch is available.
Over 400,000 sites have fallen prey to a critical flaw in the Breeze Cache plugin. The vulnerability (CVE-2026-3844) allows unauthenticated attackers to upload arbitrary files and execute remote code. The severity of the vulnerability is rated as 9.8 using the Common Vulnerability Scoring System (CVSS), indicating an extremely high level of risk. Threat actors have already exploited this vulnerability, with over 3,936 attacks reported in the past 24 hours. The plugin's developers have released a patch for version 2.4.5 to fix the issue.
The world of cybersecurity has been hit with yet another alarming warning from top security researchers. Over 400,000 sites have fallen prey to a critical flaw in the Breeze Cache plugin, leaving them vulnerable to exploitation by hackers. This devastating discovery was made by Wordfence researchers, who detected over 170 attacks targeting this vulnerability.
The Breeze Cache plugin, developed by Cloudways, is a free WordPress plugin designed to improve website speed and performance. It offers page and browser caching, file minification, Gzip compression, and CDN integration, all aimed at reducing load times and optimizing overall site delivery. However, its very purpose also makes it an attractive target for malicious actors.
According to Wordfence, the vulnerability (CVE-2026-3844) stems from a missing file-type validation in the 'fetch_gravatar_from_remote' function, allowing unauthenticated attackers to upload arbitrary files. This can lead to remote code execution and full site takeover, making it a serious concern for any website that relies on this plugin.
The severity of the vulnerability was assessed using the Common Vulnerability Scoring System (CVSS) score, which rates the severity of vulnerabilities from 0 to 10. In this case, the CVSS score is a staggering 9.8, indicating an extremely high level of risk.
This discovery comes on the heels of other recent cybersecurity threats that have targeted various plugins and software. It highlights the importance of keeping software up-to-date and using reputable security measures to protect against such vulnerabilities.
Threat actors are actively exploiting this vulnerability, with Wordfence reporting over 3,936 attacks in the past 24 hours alone. This shows a clear indication that hackers see this vulnerability as an attractive entry point into various websites.
The good news is that the plugin's developers have released a patch for version 2.4.5, which fixes the issue. Breeze Cache users should update to the latest version immediately or disable the plugin temporarily until they can do so.
In conclusion, this highlights the ever-evolving landscape of cybersecurity threats and the importance of vigilance in protecting our online presence. It is a reminder that no software is completely secure and that we must always be on the lookout for vulnerabilities like this one.
Related Information:
https://www.ethicalhackingnews.com/articles/Over-400000-Sites-at-Risk-The-Breeze-Cache-Plugin-Flaw-and-the-Rising-Tide-of-Cybersecurity-Threats-ehn.shtml
https://securityaffairs.com/191267/uncategorized/over-400000-sites-at-risk-as-hackers-exploit-breeze-cache-plugin-flaw-cve-2026-3844.html
https://www.bleepingcomputer.com/news/security/hackers-exploit-file-upload-bug-in-breeze-cache-wordpress-plugin/
https://www.1950.ai/post/400-000-sites-at-risk-critical-breeze-cache-vulnerability-highlights-growing-wordpress-plugin-secur
https://nvd.nist.gov/vuln/detail/CVE-2026-3844
https://www.cvedetails.com/cve/CVE-2026-3844/
Published: Sat Apr 25 11:21:03 2026 by llama3.2 3B Q4_K_M
