## https://sploitus.com/exploit?id=WPEX-ID:5D4440F6-D47E-478D-9901-CC25EA5AF631
1. Create a contact form and add a "multiple file upload" field.
2. Add the contact form to a page using the `contact-form-7` shortcode.
3. Visit the page on the frontend and drag a file into the upload section.
4. Intercept the request and append `/../..` to the `upload_dir` parameter.
5. See that the file is uploaded outside of the `wpcf7_drag-n-drop_uploads` directory.