cleantalk
Vulnerabilities and Security Researches

Breeze – WordPress Cache Plugin, 9f8d98d070747dc4430a4d5893eedb992d889bf6

CVE, Research URL

9f8d98d070747dc4430a4d5893eedb992d889bf6

Home page URL

Security reports for Breeze – WordPress Cache Plugin

Application

Breeze – WordPress Cache Plugin

Published on
Sep 19, 2022
Research Description
Breeze Cache [breeze] < 2.0.9 Breeze <= 2.0.8 - Cross-Site Request Forgery via import_json_settings The Breeze plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.8. This is due to missing or incorrect nonce validation on the 'import_json_settings' function. This makes it possible for unauthenticated attackers to import plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.0.9.
Status
vulnerable
Previous vulnerability researches
Kaya QR Code Generator (CVE-2023-30784) , Jun 06, 2024
Kaya QR Code Generator (1e00947396c1019d0f5e935ec5c63a4dcbba7bac) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026