CVE-2018-19456 – WP Backup+ <= 2018-11-22 - Sensitive Information Disclosure

https://notcve.org/view.php?id=CVE-2018-19456

The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql. El plugin para WordPess WP Backup+ (conocido como WPbackupplus) hasta 22-11-2018 permite a los atacantes remotos obtener información sensible de los archivos y carpetas del servidor, como lo demuestra download.sql. • http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00006.html https://www.easyhack.in/2018/11/21/wordpress-plugin-database-backup-information-disclosure-vulnerability • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •