Accompanying blog post here[1]. Last time I posted a vulnerability walkthrough[2] for fun on hn (that one was of an eBay info leakage issue) I got a couple of requests for more demos like it, so here's a fun one of how easy it is to compromise an un-patched vulnerable WordPress Plugin.