PHP Object Injection vulnerability was discovered by Robert Rowley (Patchstack) in the WordPress Easy Digital Downloads plugin (versions <= 3.0.1).
Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 3.0.2).