CVE-2026-3844
Arbitrary File Upload in Breeze Cache Plugin Enables RCE
Publication date: 2026-04-23
Last updated on: 2026-04-23
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | breeze_cache | up to and including 2.4.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated attackers to upload arbitrary files to the affected WordPress site, potentially leading to remote code execution. This could result in unauthorized access to sensitive data or disruption of services.
Such unauthorized access and potential data breaches could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and health information against unauthorized access and ensuring system integrity.
However, the vulnerability can only be exploited if the 'Host Files Locally - Gravatars' option is enabled, which is disabled by default.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should ensure that the "Host Files Locally - Gravatars" option in the Breeze Cache plugin is disabled, as it is by default.
Additionally, update the Breeze Cache plugin to a version later than 2.4.4 where this vulnerability is fixed.
Can you explain this vulnerability to me?
The 'fetch_gravatar_from_remote' function in the Breeze Cache plugin for WordPress lacks proper file type validation. This flaw allows unauthenticated attackers to upload arbitrary files to the server hosting the affected site.
This vulnerability exists in all versions up to and including 2.4.4 and can only be exploited if the 'Host Files Locally - Gravatars' feature is enabled, which is disabled by default.
How can this vulnerability impact me?
Exploiting this vulnerability can allow attackers to upload arbitrary files, potentially leading to remote code execution on the affected server.
This means attackers could gain control over the website or server, leading to data breaches, defacement, or further compromise of the system.
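For sites that ran an affected version with the Gravatar option enabled, the following added example (not code from the plugin or from this advisory) audits a directory of locally hosted avatars for files that are not genuine images, which is the check the missing file type validation should have enforced. The directory is passed in by the operator because this page does not name the storage path; all function names are hypothetical.

```python
import os
import sys

# (magic prefix, image type, extensions that type may carry)
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"GIF87a", "gif", {".gif"}),
    (b"GIF89a", "gif", {".gif"}),
]

def sniff_image(data):
    """Return (type, allowed extensions) from the leading bytes, or None."""
    for magic, kind, exts in SIGNATURES:
        if data.startswith(magic):
            return kind, exts
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp", {".webp"}
    return None

def audit_file(path):
    """Return the reasons a cached file is suspicious (empty list if clean)."""
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = []
    ext = os.path.splitext(path)[1].lower()
    sniffed = sniff_image(data)
    if sniffed is None:
        reasons.append("content is not a recognised image")
    elif ext not in sniffed[1]:
        reasons.append(f"extension {ext or '(none)'} does not match {sniffed[0]} content")
    # A valid image header does not rule out embedded script, so check both.
    if b"<?php" in data.lower():
        reasons.append("contains a PHP open tag")
    return reasons

def audit_directory(root):
    """Map each suspicious file (path relative to root) to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            reasons = audit_file(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

if __name__ == "__main__":
    # Assumed usage: pass the directory where locally hosted avatars are stored.
    for rel, reasons in audit_directory(sys.argv[1]).items():
        print(f"{rel}: {'; '.join(reasons)}")
```

Any finding warrants treating the site as potentially compromised and reviewing web server logs around the file's modification time.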