In this section, we will look at the RCE vulnerability, which existed in WordPress version 5.0.0 and below. This exploit chains two different vulnerabilities to achieve code execution (path traversal and local file inclusion). Metasploit already has a module for this exploit.