Unauthenticated Remote Code Execution in Backup Migration (WordPress Plugin).
$ python exploit.py
The following PHP script is executed.
<?php `date > out.txt`; ?>- Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin
https://www.wordfence.com/blog/2023/12/critical-unauthenticated-remote-code-execution-found-in-backup-migration-plugin/ - synacktiv/php_filter_chain_generator
https://github.com/synacktiv/php_filter_chain_generator/ - LFI2RCE via PHP Filters - HackTricks
https://book.hacktricks.xyz/pentesting-web/file-inclusion/lfi2rce-via-php-filters