Description
It was determined that your web application is performing Python object deserialization (using the pickle library) of user-supplied data. Arbitrary object deserialization is inherently unsafe and should never be performed on untrusted data. Consult the Web references section for more information about this issue.
Remediation
The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
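One way to apply this remediation, shown as an added example that is not part of the original advisory: client-held state is authenticated with an HMAC and then parsed as plain JSON data, so no object deserialization happens at all. The names `SECRET_KEY`, `ALLOWED_FIELDS`, `sign`, `dump_state` and `load_state` are hypothetical, and the key and schema are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption); load the real key from a secrets store.
SECRET_KEY = b"constructed-demo-key-not-for-production"
ALLOWED_FIELDS = {"user": str, "cart": list}  # hypothetical schema


def sign(body: bytes) -> bytes:
    """HMAC-SHA256 tag over the serialized body."""
    return hmac.new(SECRET_KEY, body, hashlib.sha256).digest()


def dump_state(state: dict) -> str:
    """Serialize state as JSON and prepend the authentication tag."""
    body = json.dumps(state, separators=(",", ":"), sort_keys=True).encode()
    return base64.urlsafe_b64encode(sign(body) + body).decode()


def load_state(token: str) -> dict:
    """Authenticate the token, then parse it as data (never pickle.loads)."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("malformed token") from exc
    tag, body = raw[:32], raw[32:]
    # Constant-time comparison; reject before any parsing happens.
    if len(tag) != 32 or not hmac.compare_digest(tag, sign(body)):
        raise ValueError("bad signature")
    try:
        state = json.loads(body)  # yields only dict/list/str/number/bool/None
    except ValueError as exc:
        raise ValueError("not JSON") from exc
    # Allow-list the structure instead of trusting whatever was sent.
    if not isinstance(state, dict) or set(state) - set(ALLOWED_FIELDS):
        raise ValueError("unexpected structure")
    for key, value in state.items():
        if not isinstance(value, ALLOWED_FIELDS[key]):
            raise ValueError(f"bad type for {key}")
    return state
```

The signature check only establishes who produced the bytes; parsing with JSON and an allow-list is what removes the object-deserialization risk, so a leaked key does not turn into code execution.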
References