A recently disclosed vulnerability in the popular Ninja Forms “File Upload” addon has placed roughly 50,000 WordPress sites at risk of full takeover. Tracked as CVE-2026-0740 and carrying a CVSS score of 9.8, the flaw allows unauthenticated arbitrary file uploads — a straightforward path to remote code execution (RCE) for attackers. Site owners who rely on the affected plugin must