Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the ‘prime-mover-export-files/1/’ folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and configuration information, directories, files, and password hashes.
View the template here CVE-2023-6505.yaml
References:
https://wpscan.com/vulnerability/eca6f099-6af0-4f42-aade-ab61dd792629