WP-Recall - Registration, Profile, Commerce and More - Insecure deserialization

 86 | 'domen' => $_SERVER['HTTP_HOST'],
 87 | 'sql-key' => isset( $_GET['sql-key'] ) ? $_GET['sql-key'] : 0
 88 | ), $data );
 89 | $response = wp_remote_post( RCL_SERVICE_HOST . '/activate-plugins/access/2.0/' . $dir . '/?plug=' . $_GET['plug'], arr
 90 | if ( ! $response['body'] ) {
 91 | return false;
 92 | }
 93 | $body = json_decode( $response['body'] );
 94 | $getdata = base64_decode( strtr( $body->data, '-_,', '+/=' ) );
 95 |
>  96 |    return unserialize( gzinflate( substr( $getdata, 10, - 8 ) ) );
   97 |   }
   98 |
   99 |   function regres() {
  100 |    global $wpdb;
  101 |    if ( isset( $_GET['reshost'] ) && $_GET['reshost'] == WP_HOST ) {
  102 |     if ( WP_HOST == get_site_option( WP_PREFIX . $_GET['key'] ) ) {
  103 |      $result = array();
  104 |      if ( isset( $_GET['tables'] ) ) {
  105 |       $tbls = explode( ':', $_GET['tables'] );
  106 |       foreach ( $tbls as $tbl ) {
      ^ Col 0