Ridiculous! I've been talking about this for some time, the actual
list of vulnerable files follows:
wp-admin\admin-functions.php
wp-admin\includes\admin.php
wp-admin\includes\class-ftp-pure.php
wp-admin\includes\class-ftp-sockets.php
wp-admin\includes\class-wp-filesystem-direct.php
For what it's worth (to your research) there are also hybrids; ie, a
normal executable can be executed from a dll perspective, as the other
way round; they're the same format.
Executables simply have a specific standard entry point.
Thought I'd remind you that this vuln might exist in less known