## https://sploitus.com/exploit?id=WPEX-ID:5A71049A-09A6-40AB-A4E8-44634869D4FB
The plugin creates temporary cache files when backing up sites, which are publicly accessible to anyone. Said cache files contain critical information (such as a backup's secret ID), allowing attackers to find and download the resulting backup files.
While a new backup is running (whether started manually or run automatically), try to retrieve the following cache file:
https://vulnerable-site.tld/wp-content/uploads/wp-staging/cache/jobCache_backup_job.cache
Once this is done, you will find the resulting backup file at https://vulnerable-site.tld/wp-content/uploads/wp-staging/backups/vulnerable-site.tld_YYYYMMDD-HHMMSS_SECRETID.wpstg
You can find the date ("YYYYMMDD"), the time ("HHMMSS") and SECRETID in the information leaked from the cache file.
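To check whether this exposure has already been used against a site you run, the web server's access log can be searched for served requests to the two paths above. The following is an added example, not part of the original advisory or the plugin; it assumes common/combined log format in chronological order, and the sample log lines, IP addresses and backup name are constructed.

```python
import re
from urllib.parse import unquote

# Paths from the advisory above; everything under these directories should be private.
CACHE_RE = re.compile(r"/wp-content/uploads/wp-staging/cache/[^/\s?]+\.cache", re.I)
BACKUP_RE = re.compile(r"/wp-content/uploads/wp-staging/backups/[^/\s?]+\.wpstg", re.I)
# Common/combined log format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges, made-up backup name).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:01:02:10 +0000] "GET /wp-content/uploads/wp-staging/cache/jobCache_backup_job.cache HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jan/2024:01:09:44 +0000] "GET /wp-content/uploads/wp-staging/backups/example.test_20240101-010203_0123456789ab.wpstg HTTP/1.1" 200 52428800',
    '198.51.100.4 - - [01/Jan/2024:01:10:02 +0000] "GET /wp-content/uploads/wp-staging/cache/jobCache_backup_job.cache HTTP/1.1" 403 199',
    '198.51.100.9 - - [01/Jan/2024:01:11:30 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.15 - - [01/Jan/2024:01:12:05 +0000] "GET /wp-content/uploads/wp-staging/cache/jobCache_backup_job%2Ecache HTTP/1.1" 200 812',
]

def scan(lines):
    """Return (findings, correlated_ips) for served cache/backup requests."""
    findings, cache_clients, correlated = [], set(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, _method, raw_path, status = m.groups()
        path = unquote(raw_path)  # catch percent-encoded variants of the path
        kind = ("cache" if CACHE_RE.search(path)
                else "backup" if BACKUP_RE.search(path) else None)
        if kind is None or not status.startswith("2"):
            continue  # unrelated request, or the server refused to serve it
        findings.append({"ip": ip, "time": ts, "kind": kind, "path": path})
        if kind == "cache":
            cache_clients.add(ip)
        elif ip in cache_clients and ip not in correlated:
            correlated.append(ip)  # same client read the cache, then pulled a backup
    return findings, correlated

if __name__ == "__main__":
    hits, suspects = scan(SAMPLE_LOG)
    for h in hits:
        print(h["time"], h["ip"], h["kind"], h["path"])
    print("cache-then-backup clients:", suspects)
```

Any 2xx finding means the file was served to that client; a client that appears in the cache-then-backup list should be treated as having obtained a full site backup.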