Guy Shavit

**Name of the Vulnerable Software and Affected Versions** Database Toolset plugin for WordPress versions up to, and including, 1.8.4 **Description** The issue allows unauthenticated attackers to extract sensitive data from database backup files stored in a publicly accessible location. This is possible because an index file is present, although a brute force attack would be required to compromise any data. **Recommendations** For Database Toolset plugin for WordPress versions up to, and including, 1.8.4, update to a version later than 1.8.4 to prevent sensitive information exposure. As a temporary workaround, consider restricting access to the backup files stored in publicly accessible locations to minimize the risk of exploitation.