WordPress CMS Command Client plugin version 2.21 suffer from a PHP object injection vulnerability.