๐Ÿ” CVE Alert

CVE-2026-10551

MEDIUM 6.1

Breeze Cache < 2.5.6 - Unauthenticated Stored XSS via Minify Library

CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the final HTML output by anticipating the placeholder format.

Vendor unknown
Product breeze cache
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for unknown breeze cache

Be the first to know when new medium vulnerabilities affecting unknown breeze cache are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Breeze Cache
0 < 2.5.6

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/381fb82f-2fdc-49cb-bb0d-8d70ead61d86/

Credits

Matthew Rollings WPScan