Hackers Exploit Critical Flaw in Breeze Cache WordPress Plugin
AI-generated from multiple sources. Verify before acting on this reporting.
LONDON (AP) — Hackers are actively exploiting a critical vulnerability in the Breeze Cache WordPress plugin, enabling unauthorized file uploads and potential remote code execution on more than 400,000 websites globally. The flaw, identified as CVE-2026-3844, allows threat actors to upload malicious files to servers without authentication, posing a significant risk to site administrators and visitors.
The vulnerability was discovered on April 25, 2026, and has since been weaponized by cybercriminals targeting WordPress installations worldwide. Breeze Cache, a popular plugin used to improve website performance through caching mechanisms, has been installed on hundreds of thousands of sites. The exploit bypasses standard security controls, granting attackers direct access to server file systems.
Security researchers have confirmed that the flaw permits unauthenticated users to upload arbitrary files, which can then be executed to compromise the entire server. This type of attack vector is particularly dangerous as it does not require prior access to the website or valid login credentials. Once a malicious file is uploaded, attackers can install backdoors, steal sensitive data, or use the compromised server as a launchpad for further attacks.
Website owners using Breeze Cache are urged to update the plugin immediately or disable it until a patched version is available. The plugin developer has acknowledged the issue and is working on a fix, but no official patch has been released as of late Tuesday. In the interim, administrators are advised to monitor server logs for suspicious activity and restrict file upload permissions where possible.
The scale of the threat is significant given the widespread adoption of WordPress, which powers more than 40% of all websites on the internet. Even sites not directly targeted may be at risk if they rely on shared hosting environments where a single compromised server can affect multiple domains. Security experts warn that the window for exploitation is narrow but critical, urging immediate action to mitigate potential damage.
No major organizations have publicly confirmed breaches linked to this vulnerability yet, though security firms are tracking active exploitation attempts. The lack of a confirmed patch timeline leaves many site owners in a vulnerable position, with some choosing to remove the plugin entirely to eliminate the risk.
As the situation develops, cybersecurity teams are monitoring for new variants of the exploit and advising users to stay vigilant. The incident underscores the ongoing challenges in maintaining security for widely used web technologies, where a single flaw can impact millions of users worldwide. Further updates are expected as developers finalize a solution and security vendors assess the full scope of the compromise.