Description The plugin does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data.
1) There is a lot of sensitive data and most importantly, you can download this logs to your machine and read it. These files may also contain a full link to the backup folders if the backup is successful.
"https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/debug_usage.log"
"https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/backup_status.log"
"https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/backup_response.log"
"https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/debug_DATABASE_Upgrade.log"
"https://example.com/wordpress/wp-content/plugins/wp-backitup/logs/debug_PLUGIN_Upgrade.log"