Unauthenticated PHP Object Injection in Booktics <= 1.0.21 versions.
Update the WordPress Booktics Plugin to the latest available version (at least 1.0.22).