HIGH

Hackers Actively Exploiting Unauthenticated File Upload Bug in Breeze Cache WordPress Plugin

· vulnerability · cve · appsec

Attackers are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the Breeze Cache plugin for WordPress. The flaw requires no authentication and allows uploading arbitrary files to the server, enabling remote code execution via web shell placement. Active exploitation is confirmed in the wild.

WordPress administrators running Breeze Cache should update the plugin immediately. Servers where the vulnerable version was installed and internet-exposed should be audited for uploaded web shells or unauthorized files in the WordPress uploads and plugin directories. If a patch is not yet available, disabling the plugin is the safest interim measure.
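One way to run the audit described above, as an added example rather than code from this advisory or the plugin vendor: it flags server-executable files under `wp-content/uploads` and recently modified PHP files under `wp-content/plugins`. The extension list, the function name `audit` and the 30-day default window are assumptions to adjust for the server in question.

```python
"""Audit a WordPress tree for files an upload bug could have planted (added example)."""
import os
import sys
import time

# Extensions commonly mapped to the PHP handler; adjust to the server's config (assumption).
EXEC_EXT = {".php", ".phtml", ".phar", ".php5", ".php7", ".pht"}


def audit(wp_root, since_epoch):
    """Return sorted (reason, relative_path) findings under wp-content."""
    findings = []
    content = os.path.join(wp_root, "wp-content")
    for area in ("uploads", "plugins"):
        base = os.path.join(content, area)
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, wp_root)
                # Check every dotted segment so a name like "x.php.jpg" is also caught.
                parts = {"." + p.lower() for p in name.split(".")[1:]}
                executable = bool(parts & EXEC_EXT)
                if area == "uploads" and executable:
                    # Media uploads should never contain server-side scripts.
                    findings.append(("script-in-uploads", rel))
                elif area == "plugins" and executable:
                    # Plugin PHP is normal; flag only files changed after the cutoff.
                    if os.lstat(path).st_mtime >= since_epoch:
                        findings.append(("plugin-file-modified", rel))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: audit.py <wordpress-root> [days]   (both arguments are examples)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    days = float(sys.argv[2]) if len(sys.argv) > 2 else 30
    for reason, rel in audit(root, time.time() - days * 86400):
        print(f"{reason}\t{rel}")
```

Modification times can be reset by whoever wrote the file, so an empty `plugin-file-modified` result does not prove the plugin directory is clean. Comparing plugin files against a fresh copy of the same plugin version gives a stronger answer.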