The WordPress Front-end Editor plugin contains an authenticated file upload vulnerability. We can upload arbitrary files to the upload folder, because the plugin also uses it’s own file upload mechanism instead of the wordpress api it’s possible to upload any file type.