No protection on the wp-content/uploads/wp-security-audit-log/* which is indexed by google and allows for attackers to possibly find user information (bad login attempts)
Google Dork: inurl:/wp-content/uploads/wp-security-audit-log/
CPE | Name | Operator | Version |
---|---|---|---|
wp-security-audit-log | lt | 3.1.2 |