CVE-2025-7443: 
WordPress vulnerability analysis and mitigation

The BerqWP – Automated All-In-One Page Speed Optimization plugin for WordPress (versions up to 2.2.42) contains a critical security vulnerability identified as CVE-2025-7443. The vulnerability was discovered and disclosed on July 31, 2025, and involves an arbitrary file upload weakness due to missing file type validation in the storejavascriptcache.php file. This security issue affects WordPress installations using the BerqWP plugin (NVD).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) with a CVSS v3.1 Base Score of 8.1 (HIGH). The attack vector is network-accessible (AV:N) with high attack complexity (AC:H), requires no privileges (PR:N), and needs no user interaction (UI:N). The scope is unchanged (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

The vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site's server, potentially enabling remote code execution. This could lead to complete system compromise, allowing attackers to gain unauthorized access and control over the affected WordPress installation (NVD).

The vulnerability has been addressed in the plugin's source code by removing the vulnerable endpoint as evidenced by the changes in registerapis.php. Users should immediately update their BerqWP plugin to a version newer than 2.2.42 ([WordPress Plugin](https://plugins.trac.wordpress.org/changeset/3330075/searchpro/trunk/api/registerapis.php)).