As a security measure we have set up that PHP and Javascript files cannot be executed via the uploads folder of Wordpress. This reduces the risk of your website being hacked. If you call a file with the appropriate extensions on the site that is in the uploads folder, the corresponding script will be displayed in plain text on the website. 

We recommend moving the files to another folder to make them executable. You can create a separate folder in the wp content folder and call the scripts from there. It is also possible, when the script comes from a plugin, to place it in the folder of the plugin. You run the risk that when the plugin is updated the files can be changed or even deleted.