Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Unauthenticated network attack with low complexity; scope change reflects browser-context impact on victim; no server confidentiality or availability impact applies.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
5DescriptionCVE.org
The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the final HTML output by anticipating the placeholder format.
AnalysisAI
Stored Cross-Site Scripting in the Breeze Cache WordPress plugin (versions before 2.5.6) allows unauthenticated attackers to inject arbitrary HTML attributes into cached page output by exploiting a predictable placeholder hash format used during HTML minification. The root cause is a weak, guessable replacement token generated during the minification pipeline combined with a flawed regular expression, meaning an attacker who can submit content to the site can anticipate the placeholder pattern and craft input that survives minification as injected markup. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The Breeze Cache WordPress plugin must be installed and active, and HTML minification must be enabled (which is a default or commonly enabled feature of the plugin). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) reflects a network-accessible, low-complexity, unauthenticated attack requiring victim interaction - a classic reflected or stored XSS profile with scope change indicating impact on the victim's browser context rather than the server itself. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker submits a comment, form input, or other user-controlled string to a WordPress site running a vulnerable version of Breeze Cache, crafting the payload to anticipate the predictable placeholder hash the plugin will generate during HTML minification. When the plugin processes and caches the page, the crafted content survives minification and is stored in the page cache as injected HTML attributes containing a malicious script. … |
| Remediation | Upgrade the Breeze Cache WordPress plugin to version 2.5.6 or later, which contains the vendor-released patch addressing the predictable hash and regular expression flaws. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43283
GHSA-m7gw-pmv8-8hf3