CVE-2025-9018

The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ttupdatetablefunction' and 'ttdeleterecordfunction' functions in all versions up to, and including, 3.1.0. This makes it possible for authenticated attackers...

CVE-2022-2144

The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like defaultrole, userscanregister via a CSRF attack...