The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled.Referenceshttps://wordpress.org/plugins/option-tree/#developershttps://wpvulndb.com/vulnerabilities/9600
