This vulnerability is highly dangerous and expected to become exploited.
While this vulnerability can be initiated by the role shown in "Required Privilege", successful exploitation requires a privileged user to perform an action — such as clicking a malicious link, visiting a crafted page, or submitting a form.
This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website.
CVSS score is a way to evaluate and rank reported vulnerabilities in a standardized and repeatable way but which is not ideal for WordPress.
We advise to mitigate or resolve the vulnerability immediately.
Patchstack has issued a mitigation rule to block any attacks until an official fix becomes available, can be tested and be safely applied.