custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.
