Unauthenticated File Upload vulnerability discovered by James Golovich in WordPress Advanced Custom Fields PRO premium plugin (versions <= 5.12.2).
Update the WordPress Advanced Custom Fields PRO plugin to the latest available version (at least 5.12.3).