Reference: https://www.pluginvulnerabilities.com/2017/01/26/vulnerability-details-arbitrary-file-upload-vulnerability-in-developer-tools/ The following proof of concept will upload the selected file to the directory /wp-content/plugins/developer-tools/libs/. Make sure to replace “[path to WordPress]” with the location of WordPress.