This vulnerability is extremely severe. It allows any website visitors to run PHP code and shell commands on the site’s underlying server.
Am I At Risk?
At the time of writing this, this is still a zero-day vulnerability—meaning there are no official patches available to fix this issue.
Source: Scuri check