Updated metadata

documentation/modules/exploit/multi/http/wp_backup_migration_php_filter.md

@@ -1,7 +1,7 @@
 ## Vulnerable Application
 
 This module exploits an unauth RCE in the WordPress plugin: Backup Migration (<= 1.3.7).  The vulnerability is
-exploitable through the Content-Dir header which is sent to the /includes/backup-heart.php endpoint.
+exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint.
 
 The vuln makes use of a neat technique called PHP Filter Chaining which allows an attacker to prepend
 bytes to a string by continuously chaining character encoding conversion. This allows an attacker to prepend

modules/exploits/multi/http/wp_backup_migration_php_filter.rb

@@ -18,9 +18,8 @@ def initialize(info = {})
         info,
         'Name' => 'WordPress Backup Migration Plugin PHP Filter Chain RCE',
         'Description' => %q{
-          Exploit for an unauthenticated remote code execution vulnerability in the WordPress plugin: Backup Migration (<= 1.3.7).
-          The vulnerability is exploitable through the Content-Dir header which is sent to the
-          /includes/backup-heart.php endpoint.
+          This module exploits an unauth RCE in the WordPress plugin: Backup Migration (<= 1.3.7).  The vulnerability is
+          exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint.
 
           The vuln makes use of a neat technique called PHP Filter Chaining which allows an attacker to prepend
           bytes to a string by continuously chaining character encoding conversions. This allows an attacker to prepend