WordPress Backup Plugin 2.0.1 - Information Disclosure
WordPress Backup plugin is prone to an information disclosure vulnerability. The default configuration exposes a logfile with filenames of the actual backups. An these backup files are available for download. Depending on the settings, it gives an access to a copy of the WordPress database, content, plugins or uploads.
Local folder path setting should be set to a value that cannot be guessed by default. User can configure the plugin accordingly until a fix will be available.
Type Information Disclosure OWASP Top 10 A6: Sensitive Data Exposure