How AI helped us in the process of finding an Unauthenticated PHP Object Injection in a WordPress plugin. In this blog post, we discuss how we discovered and exploited the vulnerability using a novel POP chain.