## https://sploitus.com/exploit?id=WPEX-ID:D3D9DC9A-226B-4F76-995E-E2AF1DD6B17E
1. Navigate to the page where [ffmwp] shortcode is included as Subscriber
2. Upload the malicious PHP file as PDF file (e.g., exploit.pdf)
3. View the file and rename it from exploit.pdf to exploit.php
The file will be accessible via https://example.com/wp-content/uploads/user_uploads/<username>/exploit.php