CVE-2025-7443
The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress
A high-severity vulnerability has been identified in the BerqWP WordPress plugin, allowing for arbitrary file uploads.
Executive summary
A high-severity vulnerability has been identified in the BerqWP WordPress plugin, allowing for arbitrary file uploads. An unauthenticated attacker could exploit this flaw by uploading a malicious file, such as a web shell, to gain complete control over the affected website. This could lead to website defacement, data theft, or the use of the server for further malicious activities.
Vulnerability
The vulnerability exists because the store_javascript_cache function does not properly validate the type of file it writes. The function is meant to store generated JavaScript in a cache directory, but it trusts the client-supplied file name and content: an attacker can craft a request to it that carries a file with a dangerous extension (e.g., .php) presented as a legitimate cache file. Because the server-side code checks neither the extension nor the content, the file is written into a directory that the web server serves, and the attacker then executes arbitrary code on the server simply by requesting the file's URL. No authentication is required to reach the function. The practical precondition is that the web server is configured to execute scripts in that cache directory, which is the default on most WordPress hosts.
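The following is an added illustration of this bug class, not BerqWP's own code: a Python model of a cache-writing routine that trusts the requested file name, beside a hardened version that restricts the name, the extension, the content and the resolved path. The function names, the cache directory layout and the specific checks are assumptions made for the example; the plugin's real routine is written in PHP and is not reproduced on this page.

```python
"""
Illustrative model (not BerqWP's code) of the bug class behind CVE-2025-7443:
a cache-writing routine that trusts a client-supplied file name. The names
below (unsafe_cache_target, safe_cache_target, CACHE_DIR) are assumptions for
this example, not identifiers from the plugin.
"""
import posixpath
import re

# Constructed example of a web-served cache directory, as a plugin might use.
CACHE_DIR = "/var/www/html/wp-content/cache/berqwp"

# Only bare, conservative stems are accepted; '.' is deliberately excluded so
# double extensions such as 'shell.php.js' cannot slip through.
_SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
_ALLOWED_EXT = {".js"}


def unsafe_cache_target(cache_dir: str, requested_name: str) -> str:
    """Vulnerable pattern: the requested name is joined onto the cache
    directory with no extension or path check, so 'shell.php' (or even
    '../../shell.php') is written wherever the attacker asks."""
    return posixpath.join(cache_dir, requested_name)


def safe_cache_target(cache_dir: str, requested_name: str, content: bytes) -> str:
    """Hardened form: accept only a bare file name with an allow-listed
    extension, refuse content that looks like a server-side script, and
    confirm the resolved path is still inside cache_dir.
    Raises ValueError on any violation; returns the path to write otherwise."""
    base = posixpath.basename(requested_name)
    if base != requested_name:
        raise ValueError("path components are not allowed in a cache file name")
    stem, ext = posixpath.splitext(base)
    if ext.lower() not in _ALLOWED_EXT or not _SAFE_STEM.match(stem):
        raise ValueError(f"rejected file name: {requested_name!r}")
    # Defence in depth only: the extension allow-list is the primary control,
    # this catches PHP tags smuggled into a file that is named like JavaScript.
    if b"<?" in content:
        raise ValueError("content looks like server-side script, not JavaScript")
    target = posixpath.normpath(posixpath.join(cache_dir, base))
    if posixpath.dirname(target) != posixpath.normpath(cache_dir):
        raise ValueError("resolved path escapes the cache directory")
    return target


def cache_write_allowed(cache_dir: str, requested_name: str, content: bytes) -> bool:
    """Boolean wrapper around safe_cache_target for callers that only need a decision."""
    try:
        safe_cache_target(cache_dir, requested_name, content)
        return True
    except ValueError:
        return False
```

Even with the hardened validator, the web server should still be configured not to execute scripts from the cache directory, so that a future bypass of the name check does not become code execution.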
Business impact
This vulnerability is rated as High severity with a CVSS score of 8.1. A successful exploit could lead to a complete website takeover, allowing an attacker to deface the site, steal sensitive data such as customer information and user credentials, or use the compromised server to host malware and launch further attacks. The potential business impact includes significant reputational damage, financial loss from remediation efforts and potential regulatory fines, and a disruption of online business operations.
Remediation
Immediate Action: Immediately update the "BerqWP" plugin to the latest patched version provided by the vendor. After updating, conduct a full review of WordPress security settings and file integrity to ensure no compromise has already occurred. If the plugin is no longer necessary for business operations, consider deactivating and removing it entirely to reduce the attack surface.
Proactive Monitoring: Monitor web server access logs for unusual POST requests, particularly those targeting endpoints related to the BerqWP plugin or the store_javascript_cache function. Implement File Integrity Monitoring (FIM) to alert on the creation of unexpected files (especially .php, .phtml) in upload, cache, or plugin directories. Monitor for suspicious outbound network traffic from the web server, which could indicate a web shell communicating with a command-and-control server.
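As an added example of the two checks described above (not code from the advisory or from the plugin), the block below hunts an access log for POST requests to the plugin and for script files served from writable directories, and performs a baseline-versus-current file comparison of the kind a FIM tool would alert on. The log lines and file paths are constructed samples; the request path containing store_javascript_cache is an assumption about what a request to the vulnerable routine could look like, not a captured exploit.

```python
"""
Added example, not from the advisory or the plugin: two checks a responder can
run against an access log and a file listing. The log lines and file paths are
constructed samples; the request path '/wp-json/berqwp/v1/store_javascript_cache'
is an assumption about the endpoint shape, not a captured exploit.
"""
import re
from dataclasses import dataclass

# Combined log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample log lines: a POST to the plugin followed by a request to a
# PHP file in the cache directory, then two benign requests.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2025:10:01:02 +0000] "POST /wp-json/berqwp/v1/store_javascript_cache HTTP/1.1" 200 15 "-" "curl/8.4.0"
203.0.113.7 - - [12/Jul/2025:10:01:05 +0000] "GET /wp-content/cache/berqwp/cmd.php?c=id HTTP/1.1" 200 432 "-" "curl/8.4.0"
198.51.100.2 - - [12/Jul/2025:10:02:10 +0000] "GET /wp-content/cache/berqwp/main-3f9.js HTTP/1.1" 200 8811 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Jul/2025:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
"""

SCRIPT_EXT = (".php", ".phtml", ".phar", ".php5", ".php7")
WRITABLE_DIRS = ("/wp-content/uploads/", "/wp-content/cache/")


@dataclass
class Finding:
    rule: str
    ip: str
    path: str


def hunt_access_log(log_text: str) -> list[Finding]:
    """Flag POSTs aimed at the plugin and any server-side script requested from
    a directory that WordPress or its plugins write to."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real hunt would count these
        path = m["path"].split("?", 1)[0].lower()
        if m["method"] == "POST" and ("berqwp" in path or "store_javascript_cache" in path):
            findings.append(Finding("post-to-plugin-endpoint", m["ip"], m["path"]))
        if path.endswith(SCRIPT_EXT) and any(d in path for d in WRITABLE_DIRS):
            findings.append(Finding("script-served-from-writable-dir", m["ip"], m["path"]))
    return findings


def new_scripts(baseline: set[str], current: set[str]) -> list[str]:
    """FIM-style check: files present now but absent from the baseline, with a
    server-side script extension, under an upload, cache or plugin directory.
    New .php files under plugins/ are expected during legitimate updates, so
    re-baseline after each update to keep this rule quiet."""
    watched = WRITABLE_DIRS + ("/wp-content/plugins/",)
    return sorted(
        p for p in current - baseline
        if p.lower().endswith(SCRIPT_EXT) and any(w in p for w in watched)
    )


if __name__ == "__main__":
    for f in hunt_access_log(SAMPLE_LOG):
        print(f"{f.rule:34} {f.ip:15} {f.path}")
```

A POST to the plugin followed within seconds by a request for a .php file under wp-content/cache from the same source address, as in the sample, is the sequence to look for; either event alone is weaker evidence.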
Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules that block uploads of executable file types to the plugin's endpoints. Configure the web server so that it does not execute scripts in upload and cache directories (for example, by not passing .php files under wp-content/uploads and wp-content/cache to the PHP handler), and restrict write permissions on those directories to what the plugin actually needs. Note that a WAF only reduces exposure; it does not remove the missing validation, so patching remains the fix.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the High severity (CVSS 8.1) of this arbitrary file upload vulnerability, immediate action is strongly recommended. Although CVE-2025-7443 is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog, the risk of a full server compromise is significant. Organizations using the affected BerqWP plugin should prioritize applying the vendor-supplied patch immediately. After patching, a thorough review of the web server should be conducted to look for any signs of prior compromise, such as unexpected files in upload directories.