Over 400,000 Sites at Risk as Hackers Exploit Breeze Cache Plugin Flaw (CVE-2026-3844)

Hackers are actively exploiting a critical vulnerability (CVE-2026-3844, CVSS score 9.8) in the Breeze Cache WordPress plugin, which allows unauthenticated file uploads to affected servers. Over 400,000 websites using the plugin are at risk, with Wordfence researchers detecting more than 170 attack attempts targeting the flaw. The vulnerability enables threat actors to upload malicious files without requiring authentication, though the article does not specify the exact timeline of exploitation. No details on the geographic distribution or specific threat groups involved were provided. The flaw affects the Breeze Cache plugin, a widely used WordPress performance optimization tool.