Ymmfty0

**Name of the Vulnerable Software and Affected Versions** Backup Migration WordPress plugin versions prior to 2.0.0 **Description** The Backup Migration WordPress plugin does not correctly create its backup path under specific server setups. This allows users without authorization to access a log file that reveals the backup filename. Subsequently, the backup archive can be downloaded without authentication. **Recommendations** Update the Backup Migration WordPress plugin to version 2.0.0 or later.