BerqWP WordPress Plugin CVE-2025-7443 Arbitrary File Upload: Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-7443, a high-severity arbitrary file upload vulnerability in the BerqWP WordPress plugin up to version 2.2.42. The flaw allows unauthenticated attackers to upload arbitrary files via store_javascript_cache.php, potentially leading to remote code execution. Includes affected versions, technical details, and references.
CVE Analysis

7 min read

ZeroPath CVE Analysis

ZeroPath CVE Analysis

2025-07-31

BerqWP WordPress Plugin CVE-2025-7443 Arbitrary File Upload: Brief Summary and Technical Review
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

Attackers can gain remote code execution on WordPress sites running BerqWP simply by uploading a malicious file, no authentication required. This flaw impacts a widely used performance optimization plugin, putting many production websites at risk of full compromise if left unpatched.

BerqWP is an all-in-one WordPress plugin for automated page speed optimization, integrating caching, CDN, image, CSS, and JavaScript enhancements. It is used by a substantial number of WordPress sites seeking to improve Core Web Vitals and overall performance. The plugin's broad adoption and integration with critical site performance workflows make vulnerabilities in its codebase especially impactful for the WordPress ecosystem.

Technical Information

CVE-2025-7443 is an arbitrary file upload vulnerability in the BerqWP plugin, specifically affecting the store_javascript_cache.php endpoint. This endpoint is designed to cache JavaScript files as part of the plugin's optimization process. However, it lacks any file type validation, allowing attackers to upload files of any type—including executable scripts—directly to the server.

The root cause is the absence of checks on file extensions and MIME types in the file upload logic. As a result, an unauthenticated attacker can send a crafted HTTP POST request to the vulnerable endpoint with a payload containing a malicious file (for example, a PHP web shell). Since the uploaded file is stored in a web-accessible directory, the attacker can then access and execute it remotely, achieving arbitrary code execution on the server.

This issue is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The vulnerability affects all plugin installations up to and including version 2.2.42. The lack of authentication and the unrestricted nature of the upload make exploitation trivial and highly impactful.

Relevant code and endpoint references:

Affected Systems and Versions

  • Product: BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript (WordPress plugin)
  • Affected versions: All versions up to and including 2.2.42
  • Vulnerable endpoint: store_javascript_cache.php
  • No authentication required for exploitation

Vendor Security History

  • Previous arbitrary file upload vulnerability in BerqWP version 1.7.6 (Wordfence advisory)
  • Recurring issues with file upload handling and input validation
  • Active development cycle but multiple security flaws over time

References

Detect & fix
what others miss