EIP-2026-113916

This exploit demonstrates an unrestricted file upload vulnerability in WordPress N-Media Website Contact Form with File Upload plugin version 1.3.4. It allows an attacker to upload a malicious PHP file via a crafted POST request to the admin-ajax.php endpoint.