A critical-severity vulnerability in the File Uploads addon for the Ninja Forms WordPress plugin could allow threat actors to take over vulnerable deployments, cybersecurity firm Defiant warns.