The Joli Table of Contents plugin for WordPress is at risk of being exploited by unauthenticated attackers. This is because the plugin is missing or incorrectly validating a security feature known as a nonce on the jtocHandleNotice() function. This means attackers could trick a site administrator into clicking a link or performing some other action, allowing them to modify the status of notices. To fix this, users should upgrade to the latest version of the Joli Table of Contents plugin (1.3.9 or higher).