{"id":60311,"date":"2025-08-07T09:16:32","date_gmt":"2025-08-07T09:16:32","guid":{"rendered":""},"modified":"2025-09-03T19:04:17","modified_gmt":"2025-09-04T01:04:17","slug":"cve-2025-7443-critical-arbitrary-file-upload-vulnerability-in-berqwp-wordpress-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-7443-critical-arbitrary-file-upload-vulnerability-in-berqwp-wordpress-plugin\/","title":{"rendered":"CVE-2025-7443: Critical Arbitrary File Upload Vulnerability in BerqWP WordPress Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-7443 is a critical vulnerability found in the BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress. This vulnerability allows unauthenticated attackers to upload arbitrary files to the victim’s server. The issue stems from the plugin’s lack of proper file type validation, meaning that any file, regardless of its format or content, can be uploaded through the store_javascript_cache.php file<\/a>. The vulnerability affects<\/a> all versions up to and including 2.2.42.
\nGiven the vast popularity of WordPress and its extensive use in various businesses and individual websites, this vulnerability poses a serious threat<\/a>. A successful exploit can lead to data leakage or even full system compromise, allowing attackers to execute arbitrary code remotely<\/a>.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-7443
\nSeverity: Critical (8.1\/10.0 – CVSS Severity Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: System compromise<\/a>, data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n