A PHP Object Injection is a vulnerability affects at the application level. This vulnerability allows an attacker to perform attacks like Code Injection, SQL Injection, Path Traversal and Application Denial of Service. There are many vulnerable plugins in WordPress library that allow an attacker to perform a remote attack to the application. These plugins can successfully exploit a system because the application failed to sanitise user-supplied input before being passed to the unserialised PHP function. Attackers can exploit this issue to execute malicious PHP code on this web server. Using this vulnerability, an attacker can perform attacks like code injection, SQL injection, path traversal attack and denial of service attack.
The impact for this vulnerability include:-