CVE-2025-7443

Name of the Vulnerable Software and Affected Versions BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript versions up to and including 2.2.42

Description The BerqWP plugin for WordPress is susceptible to arbitrary file uploads due to missing file type validation through the store javascript cache.php file. This allows unauthenticated attackers to upload arbitrary files to the affected site’s server, potentially leading to remote code execution.

Recommendations BerqWP versions prior to 2.2.42: Update to a version later than 2.2.42 to address the file upload issue.