Description
The plugin does not prevent directory listing in sensitive directories containing export files.
PoC
1) Run the backup function: http://your_site/wordpress/wp-admin/admin.php?page=njt-fastdup#/
2) During backup creation, you can intercept the following paths:
   - wordpress/wp-content/plugins/fastdup/logs
   - wordpress/wp-content/njt-fastdup/tmp
3) After the backup, go to /wordpress/wp-content/njt-fastdup/packages/ and see all backup files inside the directory.
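
For site owners checking their own install, here is an added example (not part of the original advisory or the plugin's code) that audits the three directories from the PoC on disk for a directory-level listing guard. It assumes an Apache-style setup where an index file, or a `.htaccess` with `Options -Indexes` or a deny rule, suppresses listing; the status names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Directories named in the PoC, relative to the WordPress root.
FASTDUP_DIRS = [
    "wp-content/plugins/fastdup/logs",
    "wp-content/njt-fastdup/tmp",
    "wp-content/njt-fastdup/packages",
]
INDEX_FILES = ("index.php", "index.html", "index.htm")
# Apache directives that turn off auto-indexing or deny access outright.
HTACCESS_BLOCK = re.compile(
    r"^\s*(Options\s+.*-Indexes|Require\s+all\s+denied|Deny\s+from\s+all)",
    re.IGNORECASE | re.MULTILINE,
)

def is_listing_guarded(path):
    """True if the directory has an index file or a blocking .htaccess."""
    if any((path / name).is_file() for name in INDEX_FILES):
        return True
    htaccess = path / ".htaccess"
    if htaccess.is_file():
        return bool(HTACCESS_BLOCK.search(htaccess.read_text(errors="replace")))
    return False

def audit(wp_root):
    """Return {relative_dir: 'absent' | 'guarded' | 'unguarded'}."""
    report = {}
    for rel in FASTDUP_DIRS:
        full = Path(wp_root, rel)
        if not full.is_dir():
            report[rel] = "absent"
        else:
            report[rel] = "guarded" if is_listing_guarded(full) else "unguarded"
    return report

def demo():
    """Constructed sample tree: one unguarded, one guarded, one missing."""
    with tempfile.TemporaryDirectory() as root:
        base = Path(root, "wp-content", "njt-fastdup")
        (base / "packages").mkdir(parents=True)
        (base / "tmp").mkdir()
        (base / "packages" / "backup_sample.zip").touch()
        (base / "tmp" / ".htaccess").write_text("Options -Indexes\n")
        return audit(root)

if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:9} {rel}")
```

A result of `unguarded` only means no guard exists at the directory level; server-wide configuration can still disable listing, so confirm against the running web server.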