Mass Exploitation of Breeze Cache | Wordfence Security News Clip | April 27, 2026

▶️ Watch the full Wordfence Security News episode: https://youtu.be/w9JqM0rXhVM
📺 Subscribe to the Wordfence Security News weekly podcast: https://www.youtube.com/playlist?list=PL1tmvSub1Gq577ZAHXWRyjUW3TAU8lQKW

Breeze Cache, a Cloudways caching plugin with over 400,000 active installations, contains a critical unauthenticated arbitrary file upload vulnerability (CVE-2026-3844) that is under active mass exploitation.

The Wordfence firewall has blocked over 22,000 exploit attempts across nearly 5,000 unique WordPress sites. Over 1,300 unique source IP addresses have been tracked in the campaign, with over 900 of those appearing for the first time on April 29th alone.

The flaw resides in the plugin's "host files locally" gravatars feature. When enabled, a flawed regular expression extracts avatar image URLs from the alt attribute of the HTML <img> tag instead of the src attribute.

Since WordPress places the comment author's display name in the alt attribute, an unauthenticated attacker can inject a malicious URL pointing to a PHP web shell by leaving a comment with a crafted name.

The plugin downloads the file and saves it to a publicly accessible cache directory with no file type validation, resulting in unauthenticated remote code execution.
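
The extraction flaw described above, next to a hardened form, as an added example that is not code from Wordfence or from the Breeze plugin. The sample markup, the NAIVE pattern, the host allow-list and all function names are constructed for illustration; the hardened side is not the 2.4.5 patch.

```python
import re
from html.parser import HTMLParser
from posixpath import splitext
from urllib.parse import urlparse

# Constructed sample: comment avatar markup with the author's display name
# (attacker-controlled) in alt, placed before src.
SAMPLE = ("<img alt='https://files.example.invalid/a.php' "
          "src='https://secure.gravatar.com/avatar/0123abcd?s=64' "
          "class='avatar avatar-64 photo' height='64' width='64' />")

# Constructed stand-in for the flawed pattern (NOT the plugin's regex): it takes
# the first quoted URL anywhere in the tag, which here is the alt value.
NAIVE = re.compile(r"<img[^>]*?['\"](https?://[^'\"]+)['\"]")

def naive_extract(html):
    m = NAIVE.search(html)
    return m.group(1) if m else None

class SrcCollector(HTMLParser):
    """Collect only the src attribute of <img> tags; alt is never read."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):  # also called for <img ... />
        if tag == "img":
            self.srcs += [v for k, v in attrs if k == "src" and v]

ALLOWED_HOSTS = {"secure.gravatar.com", "www.gravatar.com"}  # assumed allow-list
ALLOWED_EXT = {"", ".jpg", ".jpeg", ".png", ".gif", ".webp"}  # "" = /avatar/<hash>

def safe_extract(html):
    parser = SrcCollector()
    parser.feed(html)
    parser.close()
    kept = []
    for url in parser.srcs:
        u = urlparse(url)
        ext = splitext(u.path)[1].lower()
        if u.scheme == "https" and u.hostname in ALLOWED_HOSTS and ext in ALLOWED_EXT:
            kept.append(url)
    return kept

MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")

def is_image(body):
    """File type check on the downloaded bytes, before anything is written to disk."""
    return body.startswith(MAGIC) or (body[:4] == b"RIFF" and body[8:12] == b"WEBP")
```

The three checks are independent layers: read only src, restrict where the file may come from, and verify what was actually downloaded.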

A public proof of concept published on GitHub under the handle im-hanzou contains a second-stage upload shell that accounts for roughly a third of all blocked attempts. The vulnerability was discovered by security researcher Hung Nguyen and disclosed by the Wordfence Threat Intelligence team.

Cloudways patched the vulnerability in version 2.4.5. If you are running Breeze Cache, update to version 2.4.5 immediately. If you cannot update right now, disable the "host files locally" gravatars option as a temporary mitigation. All Wordfence users are protected from attacks targeting this vulnerability.

00:00 Intro
00:05 Critical File Upload Flaw in Breeze Cache
00:19 How the Exploit Works
00:58 Exploitation Scale and Attack Patterns
02:52 Patch and Mitigation Steps

🛡️ Get Wordfence: https://www.Wordfence.com/products/pricing/
🔵 Try Wordfence Central - https://www.Wordfence.com/help/central/
⭐ Wordfence is Trusted by over 5 Million Websites

📰 Story Links:
• Breeze Cache Active Exploitation (CVE-2026-3844): https://www.Wordfence.com/threat-intel/vulnerabilities/id/e342b1c0-6e7f-4e2c-8a52-018df12c12a0

Stay informed and secure: read the full details and expert analysis on the Wordfence blog:
https://www.Wordfence.com/blog/

🔗 Get Wordfence today: https://www.Wordfence.com/
🔐 Learn more about WordPress security: https://www.Wordfence.com/learn/

#Breeze Cache #ArbitraryFileUpload #RCE #WordPressSecurity #CyberSecurity

Video "Mass Exploitation of Breeze Cache | Wordfence Security News Clip | April 27, 2026" from the Wordfence channel