CVE-2024-43160
📋 TL;DR
CVE-2024-43160 is an unauthenticated arbitrary file upload vulnerability in the BerqWP WordPress plugin that allows attackers to upload malicious files without authentication. This can lead to remote code execution, complete system compromise, and website defacement. All WordPress sites running BerqWP version 1.7.6 or earlier are affected.
💻 Affected Systems
- BerqWP WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server takeover, data exfiltration, ransomware deployment, and use as pivot point for network attacks.
Likely Case
Website defacement, malware injection, backdoor installation, and credential theft.
If Mitigated
Limited impact with proper file upload restrictions, web application firewalls, and file integrity monitoring.
🎯 Exploit Status
Exploitation requires no authentication and is trivial with publicly available proof-of-concept code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.7 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/searchpro/wordpress-berqwp-plugin-1-7-6-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find BerqWP and click 'Update Now'. 4. Verify version is 1.7.7 or higher.
🔧 Temporary Workarounds
Disable BerqWP Plugin
allTemporarily disable the vulnerable plugin until patched.
wp plugin deactivate berqwp
Restrict File Uploads via .htaccess
linuxBlock PHP file uploads in WordPress uploads directory.
<FilesMatch "\.(php|php5|php7|phtml|phar)$">
Order Deny,Allow
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block file upload requests to vulnerable endpoints.
- Enable file integrity monitoring on WordPress uploads directory and alert on new PHP file creation.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for BerqWP version ≤1.7.6.Check Version:
wp plugin list --name=berqwp --field=versionVerify Fix Applied:
Confirm BerqWP version is 1.7.7 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-content/plugins/berqwp/upload.php with file uploads
- Unauthenticated file upload attempts
- New PHP files in uploads directory
Network Indicators:
- HTTP POST requests to vulnerable upload endpoints from untrusted sources
- File uploads with PHP extensions
SIEM Query:
source="web_logs" AND (uri_path="/wp-content/plugins/berqwp/upload.php" OR uri_path="/wp-content/uploads/*.php") AND http_method="POST"