top of page
ALL POSTS
Over 400,000 WordPress Sites Vulnerable to Breeze Cache Plugin Exploit (CVE-2026-3844)
Key Findings Critical vulnerability (CVE-2026-3844, CVSS 9.8) in Breeze Cache WordPress plugin allows unauthenticated file uploads Over 400,000 websites currently affected by the flaw Wordfence detected 170+ active attacks, with 3,936 blocked in 24 hours alone Vulnerability requires "Host Files Locally – Gravatars" option to be enabled, which is disabled by default Affects all versions up to 2.4.4; patch available in version 2.4.5 Background Breeze Cache is a popular free Wor
Apr 262 min read
Devastating WordPress Vulnerability (CVE-2025-6389) Enables Unauthenticated Remote Code Execution
Key Findings A critical Remote Code Execution (RCE) vulnerability has been discovered in the Sneeit Framework, a core plugin bundled with multiple premium WordPress themes. The vulnerability (CVE-2025-6389) allows unauthenticated users to take complete control of a server. Threat actors started exploiting the issue on the same day it was publicly disclosed on November 24th, 2025. The Wordfence Firewall has already blocked over 131,000 exploit attempts targeting this vulnerabi
Dec 4, 20251 min read
bottom of page
