CVE-2020-7241

2020-01-2019:44:28

mitre

www.cve.org

0.003 Low

EPSS

Percentile

68.4%

JSON

The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0…1}{0…2}_{0…3}{0…9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.