Vulnerabilities and security researches forbreeze breeze

Jun 07, 2024

CVE, Research URL: CVE-2024-27188
Home page URL: Security reports for Breeze – WordPress Cache Plugin
Application: Breeze – WordPress Cache Plugin
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze allows Stored XSS.This issue affects Breeze: from n/a through 2.1.3.
Affected versions: max 2.1.4.
Status: vulnerable

CVE, Research URL: CVE-2022-29444
Home page URL: Security reports for Breeze – WordPress Cache Plugin
Application: Breeze – WordPress Cache Plugin
Date: May 03, 2022
Research Description: Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack.
Affected versions: max 2.0.9.
Status: vulnerable

Oct 27, 2024

CVE, Research URL: CVE-2024-50422
Home page URL: Security reports for Breeze – WordPress Cache Plugin
Application: Breeze – WordPress Cache Plugin
Date: Oct 30, 2024
Research Description: Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.1.14.
Affected versions: max 2.1.15.
Status: vulnerable

CVE, Research URL: CVE-2024-50431
Home page URL: Security reports for Breeze – WordPress Cache Plugin
Application: Breeze – WordPress Cache Plugin
Date: Oct 29, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cloudways Breeze allows Stored XSS.This issue affects Breeze: from n/a through 2.1.14.
Affected versions: max 2.1.15.
Status: vulnerable

Jul 03, 2025

CVE, Research URL: CVE-2025-23999
Home page URL: Security reports for Breeze – WordPress Cache Plugin
Application: Breeze – WordPress Cache Plugin
Date: Jun 18, 2025
Research Description: Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.2.13.
Affected versions: max 2.2.14.
Status: vulnerable

Jan 28, 2026

CVE, Research URL: CVE-2025-69364
Home page URL: Security reports for Breeze – WordPress Cache Plugin
Application: Breeze – WordPress Cache Plugin
Date: Jan 06, 2026
Research Description: Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.21.
Affected versions: max 2.2.21.
Status: vulnerable

Mar 29, 2026

CVE, Research URL: CVE-2025-13864
Home page URL: Security reports for Breeze – WordPress Cache Plugin
Application: Breeze – WordPress Cache Plugin
Date: Feb 19, 2026
Research Description: The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint `/wp-json/breeze/v1/clear-all-cache` being registered with `permission_callback => '__return_true'` and authentication being disabled by default when the API is enabled. This makes it possible for unauthenticated attackers to clear all site caches (page cache, Varnish, and Cloudflare) via a simple POST request, granted the administrator has enabled the API integration feature.
Affected versions: max 2.2.22.
Status: vulnerable