Share
## https://sploitus.com/exploit?id=WPEX-ID:8B5B5B57-50C5-4CD8-9171-168C3E9DF46A
As admin, upload a PHP file via the Add Logo page of the plugin (https://example.com/wp-admin/options-general.php?page=simple-schools-staff-directory%2Fsi_main.php)

The file will be located at  https://example.com/wp-content/uploads/logos/<filename.php>