Name of the Vulnerable Software and Affected Versions:
BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript versions up to and including 2.2.42
Description:
The BerqWP plugin for WordPress is susceptible to arbitrary file uploads due to missing file type validation in the `store_javascript_cache.php` file. This allows unauthenticated attackers to upload arbitrary files to the affected site’s server, potentially leading to remote code execution.
Recommendations:
BerqWP versions up to and including 2.2.42: Update to a version later than 2.2.42 to address the file upload issue.
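
Triage check for site owners, added here as an example (it is not code from the plugin or its vendor): it reads the installed version from the plugin header and lists files in the plugin's JavaScript cache directory that are not plain `.js` files. The cache directory location, the `.js`-only allow-list and the sample data in `demo()` are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (2, 2, 42)      # advisory: versions up to and including 2.2.42
ALLOWED_SUFFIXES = {".js"}      # assumption: the JavaScript cache holds only .js files

def parse_version(header_text):
    """Return the 'Version:' field of a WordPress plugin header as a tuple of ints."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", header_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    """Treat an unreadable version as affected so it gets checked by hand."""
    return version is None or version <= LAST_AFFECTED

def suspicious_files(cache_dir):
    """List (relative path, reason) for files that do not belong in a JS cache."""
    root, findings = Path(cache_dir), []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() not in ALLOWED_SUFFIXES:
            findings.append((rel, "unexpected extension"))
        elif b"<?php" in path.read_bytes().lower():
            findings.append((rel, "PHP open tag in content"))
    return findings

def demo():
    """Run both checks on constructed sample data (not taken from a real site)."""
    header = "<?php\n/**\n * Plugin Name: BerqWP\n * Version: 2.2.42\n */\n"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "a1b2.js").write_text("console.log('cached');")
        (root / "c3d4.js").write_text("<?php /* constructed marker */ ?>")
        (root / "e5f6.php").write_text("placeholder")
        return is_affected(parse_version(header)), suspicious_files(root)

if __name__ == "__main__":
    print(demo())
```

Any finding on a site that ran an affected version is a reason to review web server access logs for requests to the vulnerable file, in addition to updating.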