The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blogCreditsErwan LR (WPScan)WPScanReferenceshttps://wpscan.com/vulnerability/7d7fe498-0aa3-4fa7-b560-610b42b2abed