Automattic: Object Injection in Woocommerce / Handle PDT Responses from PayPal
At this moment prevention from object injection is in the following line of code: pregmatch '/^a:2:/', $rawcustom && ! pregmatch '/CO:+?0-9+:"/', $rawcustom && $custom = maybeunserialize $rawcustom but the PHP native unserialize function supports little o as option in it and it is a StdClass...