WordPress Duplicator 3.8.7 Backup Disclosure

====================================================================================================================================| # Title     : WordPress - Duplicator 3.8.7 Backup Disclosure Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0.2(64-bit)                                            | | # Vendor    : https://snapcreek.com/duplicator/docs/changelog/                                                                   |  | # Dork      : "/wp-content/backups-dup-pro/"                                                                                     |====================================================================================================================================P0C :[+] appears to leave backups in a world accessible directory under the document root & The plugin exports a backup exported as a text file and contains sensitive informations.[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : "/wp-content/backups-dup-pro/"[+] https://127.0.0.1/pfauen.de/wp-content/backups-dup-pro/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |=======================================================================================================================================