CVE-2025-10188
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-17
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | hackrepair_plugin_archiver | 2.0.4 |
| wordpress | wordpress | * |
| wordfence | hackrepair_plugin_archiver | 3.1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in The Hack Repair Guy's Plugin Archiver plugin for WordPress, affecting all versions up to and including 2.0.4. The bulk_remove() function does not validate a nonce, the per-session, per-action token WordPress uses to prove that a state-changing request was submitted from its own admin interface rather than forged by another site. Because the browser attaches the administrator's session cookies to any request aimed at the site, an attacker who gets a logged-in administrator to open a malicious link or page can have that page submit the bulk-remove request on the administrator's behalf. The result is deletion of attacker-chosen directories under /wp-content on the server, without the attacker ever holding credentials.
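The missing check is easiest to see side by side with the fix. The following is an added illustration written for this page, not the plugin's actual source: a minimal WordPress admin handler that deletes directories under wp-content, first in the CSRF-vulnerable shape (no nonce, no capability check, no path confinement) and then hardened with the three checks a correct fix needs. All function, action and field names (hrg_*, 'hrg_bulk_remove', 'hrg_nonce', dirs[]) are assumptions for the example; the code must run inside WordPress, since it calls WordPress APIs.

```php
<?php
// Added example for this page, not the plugin's own code. Names prefixed hrg_
// and the nonce/action strings are assumptions chosen for illustration.
// Runs only inside WordPress (uses WP_CONTENT_DIR, check_admin_referer, etc.).

// Shared helper: delete a directory tree (follows no symlinks).
function hrg_rmdir_recursive( string $path ): void {
    foreach ( scandir( $path ) ?: array() as $entry ) {
        if ( '.' === $entry || '..' === $entry ) {
            continue;
        }
        $child = $path . DIRECTORY_SEPARATOR . $entry;
        if ( is_dir( $child ) && ! is_link( $child ) ) {
            hrg_rmdir_recursive( $child );
        } else {
            unlink( $child );
        }
    }
    rmdir( $path );
}

// VULNERABLE shape (the class of defect described by CWE-352): the handler
// trusts $_POST directly. A page on any other origin can auto-submit this
// form; the browser sends the administrator's cookies, so the request is
// indistinguishable from one the administrator made deliberately.
function hrg_bulk_remove_vulnerable(): void {
    $dirs = isset( $_POST['dirs'] ) ? (array) $_POST['dirs'] : array();
    foreach ( $dirs as $dir ) {
        hrg_rmdir_recursive( WP_CONTENT_DIR . '/' . $dir );
    }
}

// HARDENED shape.
function hrg_bulk_remove_hardened(): void {
    // 1. Capability: only users who may delete plugins reach this code at all.
    if ( ! current_user_can( 'delete_plugins' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // 2. Nonce: tied to this user's session and to the action name, so a
    //    cross-site form cannot supply a valid one. Dies with 403 on failure.
    check_admin_referer( 'hrg_bulk_remove', 'hrg_nonce' );

    // 3. Path confinement: resolve the path and refuse anything that escapes
    //    wp-content (or names wp-content itself).
    $base = realpath( WP_CONTENT_DIR );
    $dirs = isset( $_POST['dirs'] ) ? (array) wp_unslash( $_POST['dirs'] ) : array();
    foreach ( $dirs as $dir ) {
        $target = realpath( $base . '/' . $dir );
        if ( false === $target || 0 !== strpos( $target, $base . DIRECTORY_SEPARATOR ) ) {
            continue; // nonexistent, traversal, or the base directory itself
        }
        hrg_rmdir_recursive( $target );
    }
    wp_safe_redirect( admin_url( 'plugins.php' ) );
    exit;
}

// The form must carry the matching nonce; admin-post.php routes the POST to
// the handler registered for the 'action' field.
function hrg_render_form(): void {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="hrg_bulk_remove">';
    wp_nonce_field( 'hrg_bulk_remove', 'hrg_nonce' );
    echo '<label><input type="checkbox" name="dirs[]" value="plugins/old-plugin"> old-plugin</label>';
    submit_button( 'Remove selected' );
    echo '</form>';
}

add_action( 'admin_post_hrg_bulk_remove', 'hrg_bulk_remove_hardened' );
```

Note the ordering in the hardened handler: the nonce check alone does not replace the capability check (a nonce proves the request came from a page the site rendered, not that the user is allowed to delete), and neither replaces path confinement, which stops an otherwise-authorised user from reaching outside wp-content.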
How can this vulnerability impact me?
This vulnerability can lead to unauthorized deletion of directories within the /wp-content folder of a WordPress site. Since /wp-content holds themes, plugins, and uploads, a successful attack can break the site, destroy uploaded media and plugin data, and force a restore from backups. The forged request runs with the targeted administrator's own session, so the attacker needs no credentials, only a way to get a logged-in administrator to open a page that submits the request. The practical consequence is operational disruption and downtime rather than data disclosure.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection is mainly an inventory question: confirm whether The Hack Repair Guy's Plugin Archiver is installed and whether its version is 2.0.4 or lower. bulk_remove() is a function inside the plugin, not a separately addressable endpoint, so there is no single network signature for it; the request that reaches it is an ordinary authenticated POST to the WordPress admin. On the server, `wp plugin list --fields=name,version,status` (if WP-CLI is installed) lists every installed plugin with its version; without WP-CLI, read the `Version:` line in the header of the plugin's main PHP file under wp-content/plugins. To confirm the defect in a given copy, search the plugin source for `check_admin_referer`, `wp_verify_nonce` or `check_ajax_referer` on the bulk-remove code path; their absence there is the vulnerability. To look for exploitation after the fact, check for unexpected directory deletions under wp-content (missing plugin or theme folders, sudden "plugin file does not exist" errors in the admin) and for admin POST requests in the web server logs whose Referer or Origin header names a third-party site.
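The version and source checks above can be scripted. The following is an added, stand-alone PHP script written for this page (not a tool from the page, the vendor, or Wordfence) to run on the WordPress host with the site root as its argument. It assumes the plugin can be recognised by a `Plugin Name:` header containing "Plugin Archiver" and that the affected range is everything at or below 2.0.4, as the advisory states; the nonce grep is a coarse indicator only, since a nonce check elsewhere in the plugin does not prove bulk_remove() is protected.

```php
<?php
// Added example for this page, not vendor code. Usage on the host:
//   php check_plugin_archiver.php /var/www/html
// Assumptions: plugin identified by its "Plugin Name" header containing
// "Plugin Archiver"; affected versions are <= 2.0.4 (from the advisory).

const AFFECTED_MAX = '2.0.4';

// Parse the WordPress plugin header (first 8 KiB) of one PHP file.
function parse_plugin_header( string $file ): ?array {
    $head = file_get_contents( $file, false, null, 0, 8192 );
    if ( false === $head || ! preg_match( '/^\s*\*?\s*Plugin Name:\s*(.+)$/mi', $head, $n ) ) {
        return null;
    }
    $version = '0';
    if ( preg_match( '/^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)/mi', $head, $v ) ) {
        $version = $v[1];
    }
    return array( 'name' => trim( $n[1] ), 'version' => $version, 'file' => $file );
}

// Enumerate plugins by scanning the top-level PHP files of each plugin folder.
function find_plugins( string $plugins_dir ): array {
    $found = array();
    foreach ( glob( rtrim( $plugins_dir, '/' ) . '/*/*.php' ) ?: array() as $file ) {
        $h = parse_plugin_header( $file );
        if ( null !== $h ) {
            $found[] = $h;
        }
    }
    return $found;
}

// Coarse check: does any PHP file in the plugin call a WordPress nonce verifier?
function has_nonce_check( string $dir ): bool {
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $dir, FilesystemIterator::SKIP_DOTS )
    );
    foreach ( $it as $f ) {
        if ( 'php' !== strtolower( $f->getExtension() ) ) {
            continue;
        }
        $src = file_get_contents( $f->getPathname() );
        if ( false !== $src
            && preg_match( '/\b(check_admin_referer|wp_verify_nonce|check_ajax_referer)\s*\(/', $src ) ) {
            return true;
        }
    }
    return false;
}

// Build a report row for every matching plugin under the given WordPress root.
function assess( string $wp_root ): array {
    $report = array();
    foreach ( find_plugins( $wp_root . '/wp-content/plugins' ) as $p ) {
        if ( false === stripos( $p['name'], 'Plugin Archiver' ) ) {
            continue;
        }
        $report[] = array(
            'name'                => $p['name'],
            'version'             => $p['version'],
            'affected_by_version' => version_compare( $p['version'], AFFECTED_MAX, '<=' ),
            'nonce_check_present' => has_nonce_check( dirname( $p['file'] ) ),
        );
    }
    return $report;
}

if ( 'cli' === PHP_SAPI && isset( $argv[1] ) ) {
    $rows = assess( $argv[1] );
    if ( empty( $rows ) ) {
        echo "Plugin Archiver not found under {$argv[1]}/wp-content/plugins\n";
    }
    foreach ( $rows as $r ) {
        printf(
            "%s %s: %s (nonce verifier referenced anywhere in plugin: %s)\n",
            $r['name'],
            $r['version'],
            $r['affected_by_version'] ? 'AFFECTED (<= ' . AFFECTED_MAX . ')' : 'not in affected range',
            $r['nonce_check_present'] ? 'yes' : 'no'
        );
    }
}
```

Treat "AFFECTED" as the authoritative signal; the nonce column is only there to flag a copy that has been patched locally but still carries an old version header, or the reverse.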
What immediate steps should I take to mitigate this vulnerability?
Update The Hack Repair Guy's Plugin Archiver to a release later than 2.0.4 that adds nonce validation to bulk_remove(); if no fixed release is available, deactivate and remove the plugin, which removes the vulnerable handler entirely. Because a CSRF request executes with the victim administrator's own session, limiting how many accounts hold administrator rights reduces the number of targets but does not protect the administrators who remain; they should avoid browsing untrusted sites while logged in to wp-admin. At the edge, a WAF rule that rejects POST requests to the WordPress admin whose Origin or Referer header is missing or names a different host blocks the forged cross-site submission without touching the plugin. Finally, take and verify a backup of wp-content before doing any of this, since the outcome of a successful attack is directory deletion.