The plugin creates temporary cache files when backing up sites, which are publicly accessible to anyone. Said cache files contain critical information (such as a backup's secret ID), allowing attackers to find and download the resulting backup files.

While running a new backup (or one automatically runs!), try to get ahold of the following cache file:


Once this is done, you will find the resulting backup file at https://vulnerable-site.tld/wp-content/uploads/wp-staging/backups/vulnerable-site.tld_YYYYMMDD-HHMMSS_SECRETID.wpstg

You can find the date ("YYMMDD"), the time ("HHMMSS") and SECRETID in the information leaked from the cache file.