This Metasploit module exploits an arbitrary PHP code upload in the WordPress Creative Contact Form version 0.9.7. The vulnerability allows for arbitrary file upload and remote code execution.
f67d354bf1423deeda6860a5375cc709458e085127ee4fde423e1181e6630458