The plugin does not restrict access to a file containing sensitive information, such as the real server IP address, UID and so on, which may help attackers in further attacks.
GET /wp-content/plugins/boldgrid-backup/cli/env-info.php

{
  [...],
  "php_uname":"Linux wordpress-server X.X.X-XX-generic #XX-Ubuntu [...] x86_64",
  "php_version":"7.X.X",
  "server_addr":"127.0.0.1",
  "server_name":"www.example.com",
  "server_protocol":"HTTP/1.1",
  "server_software":"Apache/2.X.XX (Ubuntu)",
  "uid":XX,
  "username":"www-data"
}
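An added example, not part of the original advisory or the plugin's code: a log triage script that finds requests for the file above and separates responses that served the JSON from ones that were blocked or missed. It assumes the Apache combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Path taken from the advisory's proof-of-concept request.
TARGET = "/wp-content/plugins/boldgrid-backup/cli/env-info.php"

# Assumption: logs use the Apache "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def classify(line):
    """Return (ip, timestamp, verdict) for a request to TARGET, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Normalise before comparing: drop the query string, decode %xx,
    # collapse repeated slashes and /./ segments, ignore case.
    raw = unquote(m["uri"].split("?", 1)[0])
    path = normpath(re.sub(r"/+", "/", raw)).lower()
    if path != TARGET:
        return None
    size = 0 if m["size"] == "-" else int(m["size"])
    # 200 with a body means the environment JSON was served to the client.
    verdict = "DISCLOSED" if m["status"] == "200" and size > 0 else "probed"
    return m["ip"], m["ts"], verdict

def scan(lines):
    """Classify every line and keep only requests for TARGET."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines using documentation IP ranges, not real traffic.
P = "/wp-content/plugins/boldgrid-backup/cli"
SAMPLE = [
    f'203.0.113.7 - - [14/Dec/2020:10:01:22 +0000] "GET {P}/env-info.php HTTP/1.1" 200 412 "-" "curl/7.68.0"',
    f'198.51.100.23 - - [14/Dec/2020:10:05:40 +0000] "GET {P}/./env-info.php?x=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    f'203.0.113.9 - - [14/Dec/2020:10:07:03 +0000] "GET /wp-content//plugins/boldgrid-backup/cli/%65nv-info.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [14/Dec/2020:10:09:15 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, verdict in scan(SAMPLE):
        print(f"{ts}  {ip:<15}  {verdict}")
```

A `DISCLOSED` hit means the response body reached the client, so the values shown in the JSON above should be treated as known to that source.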
2020-12-14 (about 1 year ago)
2020-12-14 (about 1 year ago)
2020-12-15 (about 1 year ago)