WordPress Plugin Vulnerabilities

BerqWP < 1.7.7 - Unauthenticated Arbitrary File Uplaod

Description

The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /api/store_webp.php file in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
searchpro
Fixed in 1.7.7

References

CVE
CVE-2024-43160
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/56465338-f9be-49c5-8125-c6729287d590

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
f6881322-e3ff-4e4e-afda-97485bc37cfa

Timeline

Publicly Published
2024-08-07 (about 1 year ago)
Added
2024-08-14 (about 1 year ago)
Last Updated
2024-08-14 (about 1 year ago)

Other

Published
Title
Published
2016-02-15
Title
Backup Guard < 1.0.3 - Authenticated Arbitrary File Upload
Published
2014-08-01
Title
appius - Custom Background Shell Upload
Published
2014-08-01
Title
NextGEN Gallery 1.9.12 - Arbitrary File Upload
Published
2026-03-03
Title
Charety < 2.0.2 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2025-06-23
Title
Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit < 2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload