cleantalk
Vulnerabilities and Security Researches

BerqWP – Core Web Vitals & Speed Optimization Using Cloud, CVE-2025-7443

CVE, Research URL

CVE-2025-7443

Home page URL

Security reports for BerqWP – Core Web Vitals & Speed Optimization Using Cloud

Application

BerqWP – Core Web Vitals & Speed Optimization Using Cloud

Published on
Aug 01, 2025
Research Description
The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up to, and including, 2.2.42. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 2.2.44.
Status
vulnerable
Previous vulnerability researches
Responsive Filterable Portfolio (CVE-2019-25221) , Dec 14, 2024
Responsive Filterable Portfolio (CVE-2023-2119) , Jun 07, 2024
Responsive Filterable Portfolio (CVE-2024-51785) , Nov 08, 2024
New vulnerability
Ocean Social Sharing (CVE-2025-7500) , Aug 02, 2025
Stratum – Elementor Widgets (CVE-2025-7845) , Aug 02, 2025
BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security (CVE-2025-6722) , Aug 02, 2025
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization (CVE-2025-6626) , Aug 02, 2025
Qi Addons For Elementor (CVE-2025-8146) , Aug 02, 2025