The Hack Repair Guy's Plugin Archiver WordPress Plugin Arbitrary File Deletion Vulnerability
Vulnerability
A vulnerability allowing arbitrary file deletion has been identified in The Hack Repair Guy's Plugin Archiver for WordPress, affecting all versions through 2.0.4. This issue arises from inadequate file path validation in the 'prepare_items' function, which enables authenticated attackers with Administrator-level access or higher to delete arbitrary files on the server. Exploiting this vulnerability could lead to remote code execution, particularly if a critical file like 'wp-config.php' is deleted.
Impact
Successful exploitation allows authenticated users with Administrator privileges to delete arbitrary files on the server. This could result in remote code execution if a sensitive file, such as 'wp-config.php', is removed.
Remediation
Users are advised to update The Hack Repair Guy's Plugin Archiver to version 3.1.1 or a newer patched version.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.