Is CVE-2026-3844 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-3844 is not currently listed in the CISA KEV catalog.

Which frameworks does CVE-2026-3844 affect?

CVE-2026-3844 affects Joomla, WordPress.

Vulnerability intelligence

CVE-2026-3844

CVE-2026-3844 allows unauthenticated arbitrary file uploads through the Breeze caching plugin. This is not a cosmetic plugin — it is infrastructure. Exploitation is active.

Joomla WordPress 2026

What WebPulse reported · 3 analyses

WordPress Breeze Cache Plugin Exploited: Unauthenticated File Upload, 170+ Attacks Observed

CVE-2026-3844 allows unauthenticated arbitrary file uploads through the Breeze caching plugin. This is not a cosmetic plugin — it is infrastructure. Exploitatio

June 18, 2026

Joomla JCE Scores a Perfect 10: CISA KEV, PHP Web Shells, Zero Authentication Required

CVE-2026-48907 is a CVSS 10.0 flaw in the Joomla Content Editor plugin. Attackers upload PHP web shells through unauthenticated profile imports. CISA orders fed

June 18, 2026

June 2026: Six CVSS 9.8 Vulnerabilities. 1.14 Million WordPress Sites.

Six critical vulnerabilities actively exploited at the same time. 29,300+ attacks per day on one plugin alone. A premium plugin supply-chain compromised. The Wo

June 9, 2026

View CVE-2026-3844 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-8181 CVE-2026-10795 CVE-2026-48907 CVE-2026-4020 CVE-2026-1293 CVE-2026-8732