Unauthenticated File Upload Flaw in Popular Caching Plugin May Lead to Remote Code Execution and Full Website Takeover
Threat actors are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress.
Tracked as CVE-2026-3844, the flaw allows attackers to upload arbitrary files to vulnerable servers without authentication.
Because successful exploitation may lead to remote code execution (RCE) and complete site compromise, affected website owners should patch immediately.
VULNERABILITY OVERVIEW
CVE-2026-3844
The plugin has over 400,000 active installations, making this a high-priority risk across the WordPress ecosystem.
ROOT CAUSE
Missing File-Type Validation
Researchers found the issue in the fetch_gravatar_from_remote function.
Because file-type validation was missing, attackers can abuse the feature to upload unauthorized files onto the server.
As a result, malicious PHP or executable files may be placed on the site and later executed.
EXPLOITATION CONDITIONS
Important Note
Successful exploitation requires the “Host Files Locally - Gravatars” add-on to be enabled.
This feature is not enabled by default, which reduces exposure for some sites. However, many administrators may have activated it for performance or privacy reasons.
AFFECTED VERSIONS
Vulnerable Releases
All versions up to and including 2.4.4 are affected.
Fixed Version
Upgrade immediately to version 2.4.5 or later.
ACTIVE ATTACKS OBSERVED
Security tools have already recorded 170+ exploitation attempts, confirming that attackers are scanning for vulnerable websites.
Therefore, delayed patching increases the likelihood of compromise.
POTENTIAL IMPACT
If exploited successfully, attackers may:
- Upload web shells
- Execute malicious code
- Create administrator accounts
- Steal customer or user data
- Redirect traffic to malicious websites
- Fully take over the WordPress instance
IMMEDIATE ACTIONS
1. Upgrade Now
Update the Breeze Cache plugin to 2.4.5 or later immediately.
2. Disable Risky Feature
If patching is delayed, disable:
➡️ Host Files Locally - Gravatars
3. Hunt for Indicators of Compromise
Review your website for:
- Unknown PHP files
- Unexpected admin accounts
- Suspicious scheduled tasks
- Modified plugin/theme files
- Strange redirects or popups
4. Harden WordPress Security
Additionally:
- Enable WAF protections
- Restrict file uploads
- Keep plugins updated
- Use strong admin authentication
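For the "Unknown PHP files" check in step 3, the script below is an added example (not from the original advisory or the Breeze project) that flags anything in an image-only cache directory that has an executable extension, lacks an image header, or embeds a PHP open tag. The directory to scan is passed by the operator, since the advisory does not say where locally hosted Gravatars are stored; the allowed image types and the extension list are assumptions.

```python
import os
import sys
import tempfile

# Assumption: an avatar cache should hold only PNG, JPEG or GIF files (magic bytes).
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")
EXEC_EXTS = {".php", ".phtml", ".phar", ".pht", ".php5", ".php7"}  # assumed list

def classify(path):
    """Return the reasons a file is suspicious; an empty list means it looks like an image."""
    reasons = []
    ext = os.path.splitext(path)[1].lower()
    if ext in EXEC_EXTS:
        reasons.append("executable extension " + ext)
    with open(path, "rb") as fh:
        data = fh.read(1 << 20)  # avatars are small; 1 MiB is ample
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("not PNG/JPEG/GIF content")
    if b"<?php" in data or b"<?=" in data:
        reasons.append("PHP open tag in content")
    return reasons

def scan(root):
    """Walk root and map each suspicious file (relative path) to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():
    """Scan a constructed sample directory: one clean avatar and two planted files."""
    samples = {
        "a1.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,            # clean image header
        "a2.php": b"<?php echo 'constructed sample'; ?>",        # plain script
        "a3.gif": b"GIF89a<?php /* constructed polyglot */ ?>",  # image header + code
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan(root)

if __name__ == "__main__":
    results = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for rel, reasons in sorted(results.items()):
        print(rel + ": " + "; ".join(reasons))
```

Run it with the cache directory as the only argument; with no argument it scans the constructed sample. A hit on header-plus-code files such as `a3.gif` shows why extension checks alone are not enough when hunting.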
WHY THIS MATTERS
WordPress plugins remain one of the most common attack paths because they are widely installed and often overlooked after deployment.
Moreover, caching plugins are highly trusted and frequently used on production sites, making them attractive targets.
KEY TAKEAWAY
A single vulnerable plugin can expose an entire website to full compromise.
➡️ If you use Breeze Cache, patch immediately or disable the affected feature until updated.