Calls to Action uses inboundAnalytics.js (or inboundAnalytics.min.js) which seems to get called, even on wp-admin pages. One of the function of the Analytics script is setUrlParams(), which takes parameters from the URL, and saves them as cookies.
One such parameter is the “action”, as in “post.php?post=12104&action=edit”.
When a user uploads a file (via AJAX) to /wp-admin/async-upload.php, it checks isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action']
$_REQUEST incorporates $_GET, $_POST, and $_COOKIES so the condition fails, missing a critical statement: define( 'DOING_AJAX', true );
After the AJAX upload is completed, wp_die is called, and without DOING_AJAX defined as true, the _default_wp_die_handler is used (instead of _ajax_wp_die_handler) causing Wordress to append HTML for a blank error, and return HTTP 500