PT-2025-38112 · WordPress · Plugin Archiver+1

Jonas Benjamin Friedli · Published 2025-09-17 · Updated 2025-09-17 · CVE-2025-10188

CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions
The Hack Repair Guy's Plugin Archiver plugin for WordPress versions up to and including 2.0.4

Description
The Plugin Archiver plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the bulk remove() function. This allows unauthenticated attackers to perform arbitrary directory deletion in /wp-content via a forged request if they can trick a site administrator into performing an action, such as clicking a link.

Recommendations
Update The Hack Repair Guy's Plugin Archiver plugin to a version later than 2.0.4. As a temporary workaround, restrict access to the bulk remove() function until a patch is available.
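
The nonce validation that the description says is missing, shown on a hypothetical bulk-removal handler together with a check that confines deletion to one directory. This is an added example, not the Plugin Archiver plugin's code; the `example_*` names, the `example-archive` directory and the choice of the `delete_plugins` capability are assumptions, and the file is meant to be loaded by WordPress as part of a plugin.

```php
<?php
// Added example: hypothetical handler, not the plugin's own code. Assumes one archive dir.
define( 'EXAMPLE_ARCHIVE_DIR', WP_CONTENT_DIR . '/example-archive' );
// Admin form: the nonce field ties the request to this action and the logged-in user.
function example_render_bulk_form( array $names ) {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_bulk_remove">';
    wp_nonce_field( 'example_bulk_remove', 'example_nonce' );
    foreach ( $names as $name ) {
        printf( '<label><input type="checkbox" name="items[]" value="%1$s"> %1$s</label><br>', esc_attr( $name ) );
    }
    submit_button( 'Remove selected' );
    echo '</form>';
}

// Map a submitted name to a directory strictly inside the archive directory, else false.
function example_resolve_target( $name ) {
    $base = realpath( EXAMPLE_ARCHIVE_DIR );
    $path = is_string( $name ) ? realpath( EXAMPLE_ARCHIVE_DIR . '/' . sanitize_file_name( $name ) ) : false;
    if ( false === $base || false === $path || ! is_dir( $path ) ) {
        return false;
    }
    // Accept only children of the base: never the base itself or a path outside it.
    return 0 === strpos( $path, $base . DIRECTORY_SEPARATOR ) ? $path : false;
}

function example_handle_bulk_remove() {
    // State change: require POST and a privileged user before anything else.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! current_user_can( 'delete_plugins' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Rejects the request (HTTP 403) when the nonce is missing or invalid.
    check_admin_referer( 'example_bulk_remove', 'example_nonce' );
    require_once ABSPATH . 'wp-admin/includes/file.php';
    global $wp_filesystem;
    if ( ! WP_Filesystem() ) {
        wp_die( 'Filesystem unavailable', '', array( 'response' => 500 ) );
    }
    $items = isset( $_POST['items'] ) ? (array) wp_unslash( $_POST['items'] ) : array();
    foreach ( $items as $name ) {
        $target = example_resolve_target( $name );
        if ( false !== $target ) {
            $wp_filesystem->delete( $target, true ); // recursive delete of the vetted path only
        }
    }
    wp_safe_redirect( admin_url( 'plugins.php' ) );
    exit;
}
add_action( 'admin_post_example_bulk_remove', 'example_handle_bulk_remove' );
```

The nonce check stops a forged cross-site request from reaching the delete loop, and the path check limits what a legitimate request can remove to subdirectories of the archive directory.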

Fix · CSRF

Weakness Enumeration

Related Identifiers: CVE-2025-10188

Affected Products: Plugin Archiver, WordPress