WordPress Plugin Vulnerabilities

Breeze < 2.2.14 - Missing Authorization

Description

The Breeze – WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
breeze
Fixed in 2.2.14

References

CVE
CVE-2025-23999
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/426f0993-8b75-4bb1-9368-8927241d7cda

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
domiee13
Verified
No
WPVDB ID
9fc1bae0-9228-47e2-b9e8-192a1aec2822

Timeline

Publicly Published
2025-06-18 (about 10 months ago)
Added
2025-06-25 (about 10 months ago)
Last Updated
2025-06-25 (about 10 months ago)

Other

Published
Title
Published
2023-07-26
Title
InstaWP Connect < 0.0.9.19 - Unauthenticated Data Modification
Published
2026-03-19
Title
Aimogen Pro < 2.7.6 - Unauthenticated Privilege Escalation via Arbitrary Function Call
Published
2024-12-05
Title
Minimum and Maximum Quantity for WooCommerce < 2.1.0 - Missing Authorization
Published
2023-11-09
Title
Ultimate Addons for Contact Form 7 < 3.2.11 - Missing Authorization
Published
2023-12-27
Title
Build App Online < 1.0.21 - Subscriber+ Privilege Escalation