CVE-2025-10176
📋 TL;DR
This vulnerability allows authenticated WordPress administrators to delete arbitrary files on the server due to insufficient path validation in the Hack Repair Guy's Plugin Archiver plugin. Attackers can achieve remote code execution by deleting critical files like wp-config.php. Only WordPress sites using vulnerable versions of this specific plugin are affected.
💻 Affected Systems
- The Hack Repair Guy's Plugin Archiver WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise via remote code execution leading to data theft, defacement, or malware installation.
Likely Case
Site disruption or downtime from deletion of critical WordPress files, potentially requiring full restoration from backups.
If Mitigated
Limited impact if proper access controls and file permissions prevent unauthorized administrator accounts.
🎯 Exploit Status
Exploitation requires authenticated administrator access, which attackers may obtain through credential theft, brute force, or social engineering.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.5 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/hackrepair-plugin-archiver/tags/2.0.5
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'The Hack Repair Guy's Plugin Archiver'. 4. Click 'Update Now' if update available. 5. Alternatively, download version 2.0.5+ from WordPress plugin repository and replace plugin files.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the plugin until patched version can be installed.
wp plugin deactivate hackrepair-plugin-archiver
Restrict file permissions
linuxSet strict file permissions on critical WordPress files to prevent deletion.
chmod 400 wp-config.php
chmod 400 wp-content/*
🧯 If You Can't Patch
- Remove administrator access from untrusted users and implement strong password policies.
- Implement file integrity monitoring to detect unauthorized file deletions.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for 'The Hack Repair Guy's Plugin Archiver' version 2.0.4 or earlier.Check Version:
wp plugin list --name='hackrepair-plugin-archiver' --field=versionVerify Fix Applied:
Verify plugin version is 2.0.5 or later in WordPress admin panel or by checking plugin header in /wp-content/plugins/hackrepair-plugin-archiver/hackrepair-plugin-archiver.php.📡 Detection & Monitoring
Log Indicators:
- WordPress audit logs showing file deletion events
- Web server logs with POST requests to plugin admin endpoints
Network Indicators:
- HTTP POST requests to /wp-admin/admin.php?page=hackrepair-plugin-archiver with file deletion parameters
SIEM Query:
source="wordpress.log" AND "file deletion" AND "hackrepair-plugin-archiver"