Arbitrary file upload vulnerability in WordPress Delete-All-Comments plugin.