cleantalk
Vulnerabilities and Security Researches

Breeze – WordPress Cache Plugin, CVE-2022-29444

CVE, Research URL

CVE-2022-29444

Home page URL

Security reports for Breeze – WordPress Cache Plugin

Application

Breeze – WordPress Cache Plugin

Published on
May 03, 2022
Research Description
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack.
Affected versions
Min -, max 2.0.9.
Status
vulnerable
Previous vulnerability researches
Breeze Display (CVE-2025-3749) , Apr 27, 2025
Breeze &#8211; WordPress Cache Plugin (CVE-2024-27188) , Jun 07, 2024
Breeze &#8211; WordPress Cache Plugin (CVE-2022-29444) , Jun 07, 2024
Breeze &#8211; WordPress Cache Plugin (CVE-2024-50422) , Oct 27, 2024
Breeze &#8211; WordPress Cache Plugin (CVE-2024-50431) , Oct 27, 2024
New vulnerability
Automatically Hierarchic Categories in Menu (CVE-2025-50048) , Jun 24, 2025
WP Visitor Statistics (Real Time Traffic) (CVE-2025-49996) , Jun 24, 2025
Video List Manager (CVE-2025-49986) , Jun 24, 2025
Video List Manager (CVE-2025-52821) , Jun 24, 2025
Modern Footnotes (CVE-2025-50049) , Jun 24, 2025