The WordPress SlideShow Gallery plugin contains an authenticated file upload vulnerability. You can upload arbitrary files to the upload folder, because the plugin also uses it's own file upload mechanism instead of the WordPress API it's possible to upload any file type.
9a7da5312dab92d7b283154818127736540719c6ad6ac81ce02c41aa922cfeb6
WordPress Slideshow Gallery plugin version 1.4.6 shell upload exploit.
c99c433d6dd82c7b0776b88fdc07ae76f1b02ea1f79fc372b706050fe5f7185c
WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability.
da1173acbf60ac4072b91b8343a4327a4c0c947abd480e34616ebb2f1ee3f2e3