The WebinarIgnition plugin for WordPress, which allows users to create live or automated webinars, stream or host Zoom meetings, is vulnerable to a type of security flaw called PHP Object Injection. This flaw, which affects all versions of the plugin up to 3.05.0, allows attackers with ‘subscriber’ access or higher to inject a PHP Object. This could allow the attacker to delete files, access sensitive data, or even execute code, depending on what other plugins or themes are installed on the target system.