{"uuid": "de14bab6-9df7-4ab2-8d05-ce6eee53beaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-7241", "type": "seen", "source": "https://t.me/cveNotify/340", "content": "\ud83d\udea8 CVE-2020-7241\nThe WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-20T23:37:39.000000Z"}