1) Code Injection
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due improper input validation. A remote authenticated attacker who has this special cookie: AI_WP_DEBUGGING=2 can trigger the debugging feature, send a specially crafted request and execute arbitrary PHP code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Install updates from vendor's website.