A simple wordpress webshell injector
This is an attack script to insert a simple webshell in a file of the wordpress plugin "Event Register" by making use of the Wordpress Plugin Editor feature.
It can be injected via a persistent XSS in the attendee's list.
Probably also useful with other persistent XSS vulnerabilities, though you would have to adapt the URLs to inject into another file.