Breeze Cache WordPress Plugin Arbitrary File Upload Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in the Breeze Cache plugin for WordPress, affecting all versions through 2.4.4. The issue arises from inadequate file type validation in the 'fetch_gravatar_from_remote' function. This vulnerability enables unauthenticated attackers to upload arbitrary files to the server, potentially leading to remote code execution. Exploitation requires the 'Host Files Locally - Gravatars' option to be enabled, which is off by default.

Impact

Exploitation of this vulnerability could allow for arbitrary file uploads, with the potential for remote code execution if the uploaded file is executed on the server.

Reproduction

To reproduce this vulnerability, upload a file through the 'fetch_gravatar_from_remote' function without proper file type validation. Ensure that the 'Host Files Locally - Gravatars' option is enabled.

Remediation

Users are advised to update the Breeze Cache plugin to version 2.4.5 or later.