Reference: https://www.pluginvulnerabilities.com/2017/04/21/cross-site-request-forgery-csrfarbitrary-file-upload-vulnerability-in-thecartpress/

The following proof of concept will cause the chosen file to be uploaded to the directory /wp-content/plugins/thecartpress/uploads/tcp/ when the victim is logged in as an Administrator. Make sure to replace “[path to WordPress]” with the location of WordPress and “[ID of Product Post]” with the ID of a post for an existing product (which is listed in numerous places in the source code of the product’s page).
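The two defects the reference describes, a file-upload handler that accepts a cross-site forged request and that does not restrict what is written to disk, are closed in WordPress by a nonce check plus a capability check plus a server-side type allow-list. The handler below is an added illustrative example, not TheCartPress code: the action name `example_tcp_upload`, the nonce action `example_tcp_upload_action`, the field names and the image-only allow-list are all assumptions chosen for the demonstration.

```php
<?php
// Added illustrative example (not TheCartPress code): a WordPress admin-post
// upload handler hardened against the CSRF / arbitrary-upload pattern above.
// All names (example_tcp_*, tcp_file) are assumptions for this example.

add_action( 'admin_post_example_tcp_upload', 'example_tcp_handle_upload' );

function example_tcp_handle_upload() {
    // 1. Nonce: a forged form served from another site cannot include a valid
    //    nonce for this user and action, so the request dies here instead of
    //    writing the attacker's chosen file into the plugin directory.
    check_admin_referer( 'example_tcp_upload_action', 'example_tcp_nonce' );

    // 2. Capability: "logged in" is not an authorisation; require an explicit right.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    if ( empty( $_FILES['tcp_file'] ) || ! is_uploaded_file( $_FILES['tcp_file']['tmp_name'] ) ) {
        wp_die( 'No file provided.', '', array( 'response' => 400 ) );
    }

    // 3. Allow-list the types the feature actually needs (product images here) and
    //    let WordPress derive the type from content, not from the user-supplied name.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    $check = wp_check_filetype_and_ext(
        $_FILES['tcp_file']['tmp_name'],
        $_FILES['tcp_file']['name'],
        $allowed
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'Disallowed file type.', '', array( 'response' => 415 ) );
    }

    // 4. Store through the core upload path (uploads directory, collision-safe
    //    renaming, mime re-check) rather than a hand-rolled move into the plugin dir.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $_FILES['tcp_file'],
        array( 'test_form' => false, 'mimes' => $allowed )
    );
    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
    }

    wp_safe_redirect( add_query_arg( 'uploaded', '1', wp_get_referer() ) );
    exit;
}

// The legitimate form must emit the matching nonce field; a cross-site form cannot.
function example_tcp_upload_form() {
    ?>
    <form method="post" enctype="multipart/form-data"
          action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_tcp_upload">
        <?php wp_nonce_field( 'example_tcp_upload_action', 'example_tcp_nonce' ); ?>
        <input type="file" name="tcp_file" accept="image/*">
        <?php submit_button( 'Upload' ); ?>
    </form>
    <?php
}
```

Each of the three checks blocks the described attack on its own (a forged request fails the nonce, and even a non-forged request from a low-privilege account or with a non-image payload is refused), so they are layered deliberately: the nonce defends against CSRF, the capability check against privilege confusion, and the type allow-list limits what an upload can ever become on disk.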