What is CVE-2026-3844 in Breeze Cache?

A critical file upload vuln letting unauth hackers drop arbitrary files for RCE. Only hits if “Host Files Locally - Gravatars” is on.

How many Breeze Cache sites are at risk?

Over 400K installs total; unknown with Gravatars enabled. 170+ attacks already blocked by Wordfence.

Is Breeze Cache safe to use now?

Yes, update to 2.4.5 immediately. Or disable Gravatars if you can't.

🕳️ Vulnerabilities & CVEs

[CVE-2026-3844] Hackers Hit Breeze Cache in 170+ Attacks

Everyone thought WordPress caching plugins were a safe speed boost. Then hackers turned Breeze Cache into a backdoor with CVE-2026-3844, hitting 170+ sites. This isn't just a bug—it's a wake-up call for plugin trust.

CVE Watch Apr 24, 2026 3 min read

Hackers exploiting Breeze Cache WordPress plugin vulnerability CVE-2026-3844 with code execution visualization

⚡ Key Takeaways

Hackers exploited CVE-2026-3844 in Breeze Cache for unauth file uploads, with 170+ attacks detected. 𝕏
Vuln requires 'Host Files Locally - Gravatars' add-on; affects versions up to 2.4.4—patched in 2.4.5. 𝕏
Echoes Log4Shell: ubiquitous plugin flaw draws fast attacks, urging immediate updates or disables. 𝕏

Published by

CVE Watch

Threat intelligence. Zero noise.

#Breeze Cache #WordPress exploit #WordPress vulnerability #Wordfence #breeze-cache-vulnerability #cve-2026-3844 #file upload exploit #file-upload-rce

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Bleeping Computer

⚡ Key Takeaways

The 60-Second TL;DR

CVE Watch

Share this article

Worth sharing?

Related Stories

Ninja Forms' Deadly Upload Flaw Lets Hackers Seize WordPress Sites in Seconds

Hackers Slip PHP Shells into Ninja Forms — WordPress Sites Crumble Overnight

UNC6201 Ditches BRICKSTORM for Sneakier GRIMBOLT in Dell Zero-Day Heist

[65% Privilege Escalation] Microsoft's Huge Patch Tuesday

Stay in the loop