## https://sploitus.com/exploit?id=WPEX-ID:578093DB-A025-4148-8C4B-EC2DF31743F7
As an admin, upload a PHP file containing the payload, zipped together with a valid XML file, via the New Import Upload page of the plugin:
https://example.com//wp-admin/admin.php?page=pmxi-admin-import

When the upload finishes, you can find the random directory it was sent to by checking the links in the source code of the Managed Imports page:
http://example.com/wp-admin/admin.php?page=pmxi-admin-manage

The file will be located at something like:
https://example.com/wp-content/uploads/wpallimport/uploads/f8ac124b335362e2faed2da06d2123d5/folder/filename.php
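For defenders, the upload path above gives a direct detection signal: any request for a PHP file under `wpallimport/uploads/<random dir>/`. The following is an added example, not part of the original advisory or the plugin; it assumes combined-format access logs, a 32-hex-character directory name as in the sample path, and a constructed set of log lines.

```python
import re
from urllib.parse import unquote

# Path layout from the page; assumption: the random directory is 32 hex chars,
# as in the page's sample path.
UPLOAD_RE = re.compile(
    r"/wp-content/uploads/wpallimport/uploads/(?P<dir>[0-9a-f]{32})/(?P<rest>[^?#\s]*)",
    re.IGNORECASE)
# Assumption: extensions the web server hands to PHP; adjust to your handler config.
PHP_EXT_RE = re.compile(r"\.(?:php\d?|phtml|phar)(?:/|$)", re.IGNORECASE)
# Minimal parser for combined-log-format lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

_BASE = "/wp-content/uploads/wpallimport/uploads/f8ac124b335362e2faed2da06d2123d5/folder/"
# Constructed sample log lines (not from the page).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET ' + _BASE + 'filename.php HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET ' + _BASE + 'data.xml HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "POST ' + _BASE + 'filename%2Ephp?x=1 HTTP/1.1" 403 0',
    '192.0.2.9 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-admin/admin.php?page=pmxi-admin-manage HTTP/1.1" 200 900',
]

def find_hits(lines):
    """Return requests for PHP files inside a WP All Import upload directory."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = unquote(m["path"])  # decode %2E etc. before matching
        u = UPLOAD_RE.search(path)
        if u and PHP_EXT_RE.search(u["rest"]):
            hits.append({"ip": m["ip"], "method": m["method"],
                         "dir": u["dir"].lower(), "file": u["rest"],
                         "status": int(m["status"])})
    return hits

if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        # A 2xx status means the server answered for the PHP file; other codes were refused.
        state = "SERVED" if 200 <= h["status"] < 300 else "refused"
        print(f'{state} {h["ip"]} {h["method"]} {h["dir"]}/{h["file"]} -> {h["status"]}')
```

A hit with a 2xx status means the server answered for a PHP file in the import directory, which warrants reviewing that directory's contents and disabling PHP handling under `wp-content/uploads/`.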