CVE-2020-7241

The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0…1}{0…2}_{0…3}{0…9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.