{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T19:48:33.906","vulnerabilities":[{"cve":{"id":"CVE-2025-13864","sourceIdentifier":"security@wordfence.com","published":"2026-02-19T07:17:33.610","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint `/wp-json/breeze/v1/clear-all-cache` being registered with `permission_callback => '__return_true'` and authentication being disabled by default when the API is enabled. This makes it possible for unauthenticated attackers to clear all site caches (page cache, Varnish, and Cloudflare) via a simple POST request, granted the administrator has enabled the API integration feature."},{"lang":"es","value":"El plugin Breeze - WordPress Cache Plugin para WordPress es vulnerable al borrado de caché no autorizado en todas las versiones hasta la 2.2.21, inclusive. Esto se debe a que el endpoint de la API REST '/wp-json/breeze/v1/clear-all-cache' está registrado con 'permission_callback => '__return_true'' y la autenticación está deshabilitada por defecto cuando la API está habilitada. Esto hace posible que atacantes no autenticados borren todas las cachés del sitio (caché de página, Varnish y Cloudflare) mediante una simple solicitud POST, siempre que el administrador haya habilitado la función de integración de la API."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/breeze/tags/2.2.21/inc/breeze-admin.php#L749","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/breeze/tags/2.2.21/inc/class-breeze-api.php#L19","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/breeze/tags/2.2.21/inc/class-breeze-api.php#L22","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3425199%40breeze&new=3425199%40breeze&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5a3c16a5-65e5-4fe9-b7f0-2e021534c054?source=cve","source":"security@wordfence.com"}]}}]}