The plugin sitebuilder-dynamic-components insecurely trusts serialized data submitted over AJAX requests. This opens up the site to a PHP object injection vulnerability potential exploit vector.
Attack is exploitable over AJAX calls sites with the sitebuilder-dynamic-components Plugin.