In a WordPress plugin
The wpDiscuz plugin lets users post comments via AJAX without reloading the page. The vulnerability stems from a flaw in the file-type check applied to images attached to comments. To restrict uploads to images, the plugin called a function that determines the MIME type from the file's content, which is easy to bypass when uploading PHP files because the file extension was not restricted at all. For example, one could upload a file named myphpfile.php whose content began with the byte sequence 89 50 4E 47 0D 0A 1A 0A (the PNG signature) and then place the block "
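The following is an added example, not code from wpDiscuz or from the article. It contrasts the kind of check the article describes (only the content-sniffed MIME type is consulted) with a hardened version that also enforces an extension allowlist, requires the sniffed type to agree with the extension, and requires the data to actually decode as an image. Function names and the sample upload are constructed for the example; the sample reuses the file name and PNG signature quoted above, followed by filler bytes rather than any script.

```php
<?php
// Added example (not wpDiscuz code). Shows why MIME sniffing by content is
// not sufficient on its own, and one hardened alternative. All function names
// here are constructed for illustration.

// Weak check modelled on the flaw described in the article: only the MIME
// type sniffed from the content is consulted; the extension is never looked at.
function weak_is_allowed_image(string $path): bool {
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);
    return in_array($mime, ['image/png', 'image/jpeg', 'image/gif'], true);
}

// Hardened check: extension allowlist, sniffed MIME allowlist, agreement
// between the two, and a real decode of the image data. Any failure rejects.
function hardened_is_allowed_image(string $path, string $original_name): bool {
    $allowed = [
        'png'  => 'image/png',
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'gif'  => 'image/gif',
    ];

    // 1. Extension allowlist, lowercased, last component only
    //    ("shot.php.png" -> "png", "myphpfile.php" -> "php").
    $ext = strtolower(pathinfo($original_name, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return false;
    }

    // 2. The content-sniffed type must match what the extension claims.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($path) !== $allowed[$ext]) {
        return false;
    }

    // 3. The bytes must decode as an image with GD. A bare signature followed
    //    by non-image data fails here even though the sniffer accepted it.
    //    Apply a size limit before this step: decoding is comparatively costly.
    $img = @imagecreatefromstring((string) file_get_contents($path));
    if ($img === false) {
        return false;
    }
    return true;
}

// The stored name is chosen by the server, never taken from the client:
// random base name plus the extension from the allowlist key.
function safe_storage_name(string $ext): string {
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// --- Constructed demo: the PNG signature followed by filler bytes, submitted
// under the file name from the article. No script content is needed to show
// the difference between the two checks.
$sample = "\x89PNG\r\n\x1a\n" . "filler bytes, not a PNG body";
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, $sample);

var_dump(weak_is_allowed_image($tmp));                       // bool(true):  sniffer reports image/png
var_dump(hardened_is_allowed_image($tmp, 'myphpfile.php'));  // bool(false): extension not allowed
var_dump(hardened_is_allowed_image($tmp, 'myphpfile.png'));  // bool(false): GD cannot decode it

unlink($tmp);
```

The order of the three checks matters for cost as well as correctness: the extension test is free, the sniff is cheap, and the decode is the expensive step, so it runs last and only on files that already passed the first two. In a real WordPress plugin the extension and type agreement check is what core's wp_check_filetype_and_ext() provides, so reusing it is preferable to reimplementing the allowlist. Whatever passes the check should also be written under a server-generated name such as safe_storage_name() returns, to a directory where the web server does not execute scripts.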
Source: opennet.ru