CVE-2019-9574

The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt