CVE-2026-10551
The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable repla
CVSS
6.1
Medium
EPSS
0.1%
p5
KEV
—
Exploit Today
1
0-100
Published: Jul 13, 2026 · Last modified: Jul 13, 2026
0.1%EPSS · 30 days0.2%
2026-07-132026-07-17
The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the final HTML output by anticipating the placeholder format.
No related CVEs by CWE or product.