CVE-2018-19456

CVE-2018-19456

EPSS 1.8%

The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00006.html https://www.easyhack.in/2018/11/21/wordpress-plugin-database-backup-information-disclosure-vulnerability/