Przemyslaw Sierocinski

Results 2 issues of Przemyslaw Sierocinski

A logged-in user can be tricked into visiting a site executing a POST request like this (possible since there is no nonce checking here):

```
POST /wp/wp-admin/admin-ajax.php HTTP/1.1
Host:...
```

Currently, the backup files' location is very predictable - a dedicated individual would only need to check every second from a selected time frame. In most cases the right target would...