The gravitate-qa-tracker plugin up to and including 1.2.1 for WordPress has PHP Object Injection.
gravitatedesign gravitate qa tracker