The Yet Another Stars Rating plugin for WordPress is vulnerable to a type of cyber attack known as PHP Object Injection. This type of attack can happen if someone is using an older version of the plugin, up to and including version 1.8.6. The vulnerability is caused by a special type of code called “deserialization” which can be found in the yasr-shortcode-functions.php file. This type of code can be used by unauthenticated attackers to inject a PHP Object. If this happens, it can also allow the attackers to remotely execute arbitrary code on the affected system.