Skip to main content

Breeze Cache CVE-2026-10551

| EUVDEUVD-2026-43283 MEDIUM
2026-07-13 WPScan GHSA-m7gw-pmv8-8hf3
6.1
CVSS 3.1 · Vendor: WPScan
Share

Severity by source

Vendor (WPScan) PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
6.1 MEDIUM

Unauthenticated network attack with low complexity; scope change reflects browser-context impact on victim; no server confidentiality or availability impact applies.

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (WPScan).

CVSS VectorVendor: WPScan

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

5
Analysis Generated
Jul 13, 2026 - 19:20 vuln.today
CVSS changed
Jul 13, 2026 - 19:07 NVD
6.1 (MEDIUM)
Patch available
Jul 13, 2026 - 08:01 EUVD
CVE Published
Jul 13, 2026 - 06:00 cve.org
MEDIUM 6.1
CVE Published
Jul 13, 2026 - 06:00 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the final HTML output by anticipating the placeholder format.

AnalysisAI

Stored Cross-Site Scripting in the Breeze Cache WordPress plugin (versions before 2.5.6) allows unauthenticated attackers to inject arbitrary HTML attributes into cached page output by exploiting a predictable placeholder hash format used during HTML minification. The root cause is a weak, guessable replacement token generated during the minification pipeline combined with a flawed regular expression, meaning an attacker who can submit content to the site can anticipate the placeholder pattern and craft input that survives minification as injected markup. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Submit crafted input to WordPress site
Delivery
Breeze Cache minifies page HTML with predictable placeholder hash
Exploit
Injected attributes survive minification into cached output
Execution
Victim loads poisoned cached page
Persist
Malicious JavaScript executes in victim browser
Impact
Session cookies or credentials exfiltrated

Vulnerability AssessmentAI

Exploitation The Breeze Cache WordPress plugin must be installed and active, and HTML minification must be enabled (which is a default or commonly enabled feature of the plugin). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) reflects a network-accessible, low-complexity, unauthenticated attack requiring victim interaction - a classic reflected or stored XSS profile with scope change indicating impact on the victim's browser context rather than the server itself. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker submits a comment, form input, or other user-controlled string to a WordPress site running a vulnerable version of Breeze Cache, crafting the payload to anticipate the predictable placeholder hash the plugin will generate during HTML minification. When the plugin processes and caches the page, the crafted content survives minification and is stored in the page cache as injected HTML attributes containing a malicious script. …
Remediation Upgrade the Breeze Cache WordPress plugin to version 2.5.6 or later, which contains the vendor-released patch addressing the predictable hash and regular expression flaws. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10551 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy