Vulnerabilities and security researches forbreeze breeze

Oct 27, 2024

CVE, Research URL: CVE-2024-50422
Home page URL: Security reports for Breeze – WordPress Cache Plugin
Application: Breeze – WordPress Cache Plugin
Date: Oct 30, 2024
Research Description: Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.1.14.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-50431
Home page URL: Security reports for Breeze – WordPress Cache Plugin
Application: Breeze – WordPress Cache Plugin
Date: Oct 29, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cloudways Breeze allows Stored XSS.This issue affects Breeze: from n/a through 2.1.14.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2024-27188
Home page URL: Security reports for Breeze – WordPress Cache Plugin
Application: Breeze – WordPress Cache Plugin
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze allows Stored XSS.This issue affects Breeze: from n/a through 2.1.3.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-29444
Home page URL: Security reports for Breeze – WordPress Cache Plugin
Application: Breeze – WordPress Cache Plugin
Date: May 03, 2022
Research Description: Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack.
Affected versions: Min -, max -.
Status: vulnerable