This Metasploit module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.
06defc0f9a3b1e41269ef7d6c96eebcf75e56a0475dd25a9e1826f8f400e3fd3