Direct call of meb_download.php with going over archive zip file names allows to intruder get full blog archive including wp-config.php without any permissions.
You must to fix this ASAP.
Read with more details at
- The topic ‘[Plugin: myEASYbackup] Plugin has a critical vulnerability. Must fix ASAP.’ is closed to new replies.