Description The plugin stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site’s backups.
PoC
- Run a backup of the site 2) Notice the following files are all publicly available while the site is being backed up: ./wp-content/plugins/backup-backup/includes/htaccess/db_tables/wp_links.sql ./wp-content/plugins/backup-backup/includes/htaccess/db_tables/wp_users.sql ./wp-content/plugins/backup-backup/includes/htaccess/db_tables/wp_termmeta.sql ./wp-content/plugins/backup-backup/includes/htaccess/bmi_logs_this_backup.log (… the list is not exhaustive, virtually every table accessible to the site gets dumped in those log files …)