CVE-2025-0954 — The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the json_import() and json_export() functions in all versions up to, and including — CVE Database · The Intelligence Room