EIP-2026-113549

This Metasploit module exploits an authenticated arbitrary file upload vulnerability in the WordPress plugin ajax-load-more versions < 2.8.2. It logs in using valid credentials, retrieves a nonce, uploads a malicious PHP payload, and triggers it to achieve remote code execution.