cleantalk
Vulnerabilities and Security Researches

BerqWP – Core Web Vitals & Speed Optimization Using Cloud, CVE-2024-9344

CVE, Research URL

CVE-2024-9344

Home page URL

Security reports for BerqWP – Core Web Vitals & Speed Optimization Using Cloud

Application

BerqWP – Core Web Vitals & Speed Optimization Using Cloud

Published on
Oct 02, 2024
Research Description
The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 2.1.2.
Status
vulnerable
Previous vulnerability researches
BerqWP – Core Web Vitals & Speed Optimization Using Cloud (CVE-2024-9344) , Oct 03, 2024
BerqWP – Core Web Vitals & Speed Optimization Using Cloud (CVE-2024-37942) , Jul 14, 2024
BerqWP – Core Web Vitals & Speed Optimization Using Cloud (CVE-2025-7443) , Aug 02, 2025
BerqWP – Core Web Vitals & Speed Optimization Using Cloud (CVE-2024-43160) , Aug 11, 2024
New vulnerability
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025
Content Egg (CVE-2025-47536) , Aug 02, 2025
Smart Slider 3 (CVE-2025-6348) , Aug 02, 2025
Realtyna Organic IDX plugin + WPL Real Estate (CVE-2025-54052) , Aug 02, 2025