[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
 | [+] Exploit Title: Wordpress Better-wp-security  Plugin Remote Code Execution
 | [+] Exploit Author:  Milad Hacking
 | [+] Vendor Homepage : https://wordpress.org/plugins/better-wp-security/
 | [+] Download Link : https://downloads.wordpress.org/plugin/better-wp-security.4.6.12.zip
 | [+] Tested on: Kali , lceweasel
 | [+] Date : 2015-04-04
 | [+] Version : 4.6.12
 | [+] Google Dork : inurl:wp-content/plugins/better-wp-security
 | [+] Discovered By : Milad Hacking
 |-------------------------------------------------------------------------|
 | [+] Exploit: |
 | [+] Location : http://site.com/wp-content/plugins/better-wp-security/better-wp-security.php
 | [+] Vulnerability is also triggered in: http://site.com/wp-content/plugins/better-wp-security/core/class-itsec-core.php
 | [+] Vulnerable Code : Line 723
 | [+] Screenshot : http://fullsecurity.org/acc/wp-content/uploads/Screenshot-from-2015-04-03-012110-e1427980993309.png


public function admin_tooltip_ajax() {

                        global $itsec_globals;

                        if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce(
sanitize_text_field( $_POST['nonce'] ), 'itsec_tooltip_nonce' ) ) {
                                die ();
                        }

                        if ( sanitize_text_field( $_POST['module'] ) == 'close' ) {

                                $data                       = $itsec_globals['data'];
                                $data['tooltips_dismissed'] = true;
                                update_site_option( 'itsec_data', $data );

                        } else {

                                call_user_func_array( $this->tooltip_modules[ sanitize_text_field(
$_POST['module'] ) ]['callback'], array() );

                        }

                        die(); // this is required to return a proper result

                }

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]