PT-2020-19491 · WordPress · Wp Database Backup

Published: 2020-01-20 · Updated: 2022-04-18 · CVE-2020-7241

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: WP Database Backup plugin through 5.5 for WordPress

Description: The issue allows attackers to potentially read ZIP archives by guessing random ID numbers, date strings in a specific format, or UNIX timestamps, and then making HTTPS requests with the complete guessed URL to the default local storage directory wp-content/uploads/db-backup/.

Recommendations: For WP Database Backup plugin through 5.5, consider changing the default download storage directory to a more secure location or implementing measures to prevent unauthorized access to the wp-content/uploads/db-backup/ directory until a patch is available.
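
A detection check to run alongside the recommendations above, added here as an example (it is not part of the original advisory or the plugin's code): it scans web server access logs for clients that request ZIP files under the default backup directory, flagging repeated failed requests and any successful download. The common/combined log format, the threshold value and the sample log lines are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

BACKUP_DIR = "/wp-content/uploads/db-backup/"  # default directory named in the advisory
MISS_THRESHOLD = 3  # assumption: distinct failed ZIP requests before a client is flagged

# Assumption: common/combined access log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = """\
198.51.100.7 - - [20/Jan/2020:10:00:01 +0000] "GET /wp-content/uploads/db-backup/sample-a.zip HTTP/1.1" 404 153
198.51.100.7 - - [20/Jan/2020:10:00:02 +0000] "GET /wp-content/uploads/db-backup/sample-b.zip HTTP/1.1" 404 153
198.51.100.7 - - [20/Jan/2020:10:00:03 +0000] "GET /wp-content/uploads/db-backup/sample-c.zip HTTP/1.1" 404 153
198.51.100.7 - - [20/Jan/2020:10:00:04 +0000] "GET /wp-content/uploads/db-backup/sample-d.zip HTTP/1.1" 200 48213
203.0.113.20 - - [20/Jan/2020:10:05:00 +0000] "GET /wp-content/uploads/db-backup/sample-e.zip HTTP/1.1" 404 153
192.0.2.10 - - [20/Jan/2020:10:06:00 +0000] "GET /wp-content/uploads/2020/01/photo.jpg HTTP/1.1" 200 9001
"""

def find_backup_probing(log_text, threshold=MISS_THRESHOLD):
    """Return {client_ip: details} for clients probing or fetching backup ZIPs."""
    misses = defaultdict(set)  # ip -> distinct ZIP paths answered 403/404
    hits = defaultdict(set)    # ip -> distinct ZIP paths answered 200/206
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        path = target.split("?", 1)[0]  # ignore any query string
        if not (path.startswith(BACKUP_DIR) and path.lower().endswith(".zip")):
            continue
        if status in (200, 206):
            hits[ip].add(path)
        elif status in (403, 404):
            misses[ip].add(path)
    findings = {}
    for ip in set(misses) | set(hits):
        guessing = len(misses[ip]) >= threshold
        # A served backup is always worth review, even without prior failed requests.
        if guessing or hits[ip]:
            findings[ip] = {"guessing": guessing,
                            "failed": len(misses[ip]),
                            "downloaded": sorted(hits[ip])}
    return findings

if __name__ == "__main__":
    for ip, info in find_backup_probing(SAMPLE_LOG).items():
        print(ip, info)
```

A non-empty `downloaded` list means a backup archive was served over the web and should be treated as exposed.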

Exploit

Fix

Weakness Enumeration: Use of Insufficiently Random Values

Related Identifiers: CVE-2020-7241

Affected Products: Wp Database Backup