The Wordpress Theme "platform" contains a remote code execution vulnerability through an unchecked admin_init call. The theme includes the uploaded file from it's temp filename with php's include function.
c111d9d51c266ad61917964f9eea57d1334074e2ca4b8eb80252f3ed807ddc0f