Because WordPress doesn't give a shit about the bug mentioned 3 weeks ago, here you have
a few steps to own the latest version.
It should be mentioned that to exploit this vulnerability we need a few things (but
as a 'btw': version 3.5.2 also has a few other vulnerabilities, persistent XSS
for example, and this 'drop-shell' exploitation can be done through those (XSS) bugs).
To make this vulnerability exploitable, you will need:
- the theme's 404.php file to be writable
- a valid '_wpnonce' value, which you must get (steal).
Here we go. Below is the poc-code:
Next you need to send your 'poc-page' to a logged-in admin user
(who is still logged in when visiting your page).
Now, 'you' (as this logged-in admin ;) ) will see a page like this:
And the next thing to do is go to a postID that is not available, like the
one below for example, and add your command (to the 'c' parameter).
That's all. :)
If you have any questions, feel free to ask.
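
Seen from the defender's side, the first requirement in the list above (a theme 404.php that the web server account can write) is something you can audit on your own install. This is an added example, not code from the original post: it lists theme .php files writable by a given uid and reports whether wp-config.php sets WordPress's DISALLOW_FILE_EDIT constant, which turns off the built-in theme editor. The function names, the constructed sample tree and the mode-bits-only permission check (ACLs are ignored) are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# Matches define('DISALLOW_FILE_EDIT', true); which turns off the built-in theme/plugin editor.
_EDIT_OFF = re.compile(r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", re.I)


def writable_by(st, uid, gids):
    """Decide from the mode bits alone whether uid/gids may write the file (ACLs ignored)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit(wp_root, uid, gids=()):
    """Return (editor_disabled, sorted theme .php files the given account can write)."""
    editor_disabled = False
    config = os.path.join(wp_root, "wp-config.php")
    if os.path.isfile(config):
        with open(config, encoding="utf-8", errors="replace") as fh:
            editor_disabled = bool(_EDIT_OFF.search(fh.read()))
    findings = []
    themes = os.path.join(wp_root, "wp-content", "themes")
    for dirpath, _dirs, files in os.walk(themes):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                if writable_by(os.stat(path), uid, set(gids)):
                    findings.append(os.path.relpath(path, wp_root))
    return editor_disabled, sorted(findings)


def build_sample_tree(root):
    """Constructed sample install: one writable 404.php, one read-only index.php."""
    theme = os.path.join(root, "wp-content", "themes", "sample")
    os.makedirs(theme)
    for name, mode in (("404.php", 0o644), ("index.php", 0o444)):
        path = os.path.join(theme, name)
        with open(path, "w") as fh:
            fh.write("<?php\n")
        os.chmod(path, mode)
    with open(os.path.join(root, "wp-config.php"), "w") as fh:
        fh.write("<?php\ndefine('DB_NAME', 'wp');\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit(tmp, os.getuid()))
```

On a real server, pass the uid and group ids of the account PHP runs as instead of `os.getuid()`.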