CVE-2017-18583

The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.