The Replyable plugin for WordPress is vulnerable to security issues in versions up to and including 2.2.9. If an unauthenticated attacker is able to trick a site administrator into clicking a link, they can use Cross-Site Request Forgery and PHP Object Injection to inject malicious code on the site. If a usable gadget is installed, this could potentially lead to remote code execution.