## https://sploitus.com/exploit?id=WPEX-ID:5D4440F6-D47E-478D-9901-CC25EA5AF631 1. Create a contact form and add a "multiple file upload" field. 2. Add the contact form to a page using the `contact-form-7` shortcode. 3. Visit the page on the frontend and drag a file into the upload section. 4. Intercept the request and append `/../..` to the `upload_dir` parameter. 5. See that the file is uploaded outside of the `wpcf7_drag-n-drop_uploads` directory.