CVE-2026-3844
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.
| CWE | CWE-434 |
| Vendor | cloudways |
| Product | breeze cache |
| Published | Apr 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for cloudways breeze cache
Be the first to know when new critical vulnerabilities affecting cloudways breeze cache are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
cloudways / Breeze Cache
0 โค 2.4.4
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/e342b1c0-6e7f-4e2c-8a52-018df12c12a0?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/breeze/tags/2.4.1/inc/class-breeze-cache-cronjobs.php#L119 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/breeze/tags/2.4.1/inc/class-breeze-cache-cronjobs.php#L89 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3511463/breeze
Credits
Hung Nguyen