CVE-2024-43160: 
WordPress vulnerability analysis and mitigation

The BerqWP WordPress plugin versions up to 1.7.6 contains an Unrestricted Upload of File with Dangerous Type vulnerability that allows for Code Injection. This vulnerability, identified as CVE-2024-43160, was discovered by Dave Jong from Patchstack and was published on August 7, 2024. The vulnerability affects all versions of BerqWP through version 1.7.6 (Patchstack).

The vulnerability is classified as an Unrestricted Upload of File with Dangerous Type (CWE-434) that enables arbitrary file upload capabilities. It has received a Critical CVSS v3.1 base score of 10.0, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating the highest possible severity level. The vulnerability can be exploited without authentication, making it particularly dangerous (Patchstack).

This vulnerability allows malicious actors to upload any type of file to the affected website, including backdoors which can then be executed to gain further access to the website. Given its unauthenticated nature and critical severity rating, the vulnerability is expected to become mass exploited (Patchstack).

Website administrators are advised to update to BerqWP version 1.7.7 or later immediately to resolve this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users can update to a fixed version (Patchstack).