WordPress Plugin Vulnerability Lets Subscribers Wreck Databases

The National Vulnerability Database (NVD) entry for CVE-2026-4119 describes a critical authorization bypass in the Create DB Tables WordPress plugin, affecting all versions up to 1.2.1. The flaw lets any authenticated user, down to the Subscriber role, drop or create database tables of their choosing. The plugin wires its table-creation and table-deletion handlers to admin_post action hooks, and those handlers act on a table name taken from the request without checking who sent it. An attacker can therefore delete any table, including core WordPress tables such as wp_users, or create arbitrary new ones. Dropping core tables effectively destroys the WordPress installation.

The root cause, as described by the NVD, is that the plugin's table-creation and table-deletion endpoints perform neither a capability check (current_user_can()) nor nonce verification (wp_verify_nonce()). An admin_post_{action} hook fires for any logged-in user who requests wp-admin/admin-post.php with that action, and WordPress itself applies no role or capability check on the way in, so the plugin's handler is the only place authorization could have happened. The attacker's calculus is correspondingly simple: obtain a low-privilege account (open self-registration, which creates Subscribers by default, is enough), send a crafted request to the authenticated but unprotected endpoint, and cause maximum disruption. The CVSS score of 9.1 (Critical) reflects that the attack needs no privileges beyond basic authentication and can end in complete data loss and an unusable site.
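To make the failure concrete, here is an added illustration (not the plugin's own code) of the handler shape the NVD entry describes, next to a hardened version. The hook name cdbt_delete_table, the POST field table_name, and all cdbt_* function names are assumptions for the example; the plugin's real action names are not reproduced on this page.

```php
<?php
/*
 * Added illustration, not code from the Create DB Tables plugin.
 * Hook, action, field and function names (cdbt_*) are assumed.
 */

/* --- Vulnerable shape (the pre-patch pattern) --------------------------- */

// admin_post_{action} fires for ANY logged-in user who requests
// wp-admin/admin-post.php?action=cdbt_delete_table. WordPress does no role
// or capability check before invoking the callback, so a Subscriber can
// POST table_name=wp_users with nothing more than their session cookie.
//
// add_action( 'admin_post_cdbt_delete_table', 'cdbt_delete_table_vulnerable' );

function cdbt_delete_table_vulnerable() {
    global $wpdb;
    // No current_user_can(), no nonce, table name straight from the request.
    $table = $_POST['table_name'];
    $wpdb->query( "DROP TABLE IF EXISTS `$table`" );
    wp_safe_redirect( admin_url( 'admin.php?page=cdbt' ) );
    exit;
}

/* --- Hardened shape ----------------------------------------------------- */

add_action( 'admin_post_cdbt_delete_table', 'cdbt_delete_table_hardened' );

function cdbt_delete_table_hardened() {
    global $wpdb;

    // 1. Authorization: only users who may manage the site drop tables.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to do that.', 403 );
    }

    // 2. CSRF: the request must carry a nonce minted for this exact action.
    //    check_admin_referer() runs wp_verify_nonce() and dies on failure.
    check_admin_referer( 'cdbt_delete_table' );

    // 3. Input validation: identifier characters only, plugin-owned prefix
    //    only, and never one of the tables WordPress itself knows about.
    $table      = isset( $_POST['table_name'] ) ? (string) wp_unslash( $_POST['table_name'] ) : '';
    $own_prefix = $wpdb->prefix . 'cdbt_';   // assumed prefix for plugin-created tables
    if ( '' === $table
        || ! preg_match( '/^[A-Za-z0-9_]+$/', $table )
        || 0 !== strpos( $table, $own_prefix )
        || in_array( $table, $wpdb->tables(), true ) ) {
        wp_die( 'Invalid table name.', 400 );
    }

    // 4. Identifiers cannot be bound like values; the %i placeholder
    //    (WordPress 6.2+) backtick-quotes the validated table name.
    $wpdb->query( $wpdb->prepare( 'DROP TABLE IF EXISTS %i', $table ) );

    wp_safe_redirect( admin_url( 'admin.php?page=cdbt' ) );
    exit;
}

/* The admin form that posts to this handler mints the matching nonce: */
function cdbt_render_delete_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="cdbt_delete_table">';
    wp_nonce_field( 'cdbt_delete_table' );   // emits _wpnonce for check_admin_referer()
    echo '<input type="text" name="table_name"><button type="submit">Drop table</button>';
    echo '</form>';
}
```

Against the first handler, a Subscriber's browser sending POST /wp-admin/admin-post.php with action=cdbt_delete_table and table_name=wp_users drops the users table. The two checks in the hardened handler are not interchangeable: a nonce only proves the request was intentionally issued from a form the current user loaded, not that the user is allowed to perform the action, so check_admin_referer() without current_user_can() would still let a Subscriber drop tables from the plugin's own form.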

What This Means For You

  • If your organization uses the Create DB Tables plugin for WordPress, inventory every installation and update to a patched version immediately. Because any authenticated account can trigger the flaw, also review who holds accounts on each site, including whether open registration is enabled, and remove stale or unnecessary users. Where a site cannot be updated right away, deactivate or delete the plugin: the exposed code is the request handler itself, so only unloading the plugin removes it.

🛡️ Detection Rules

The page lists three auto-generated detection rules for this CVE, mapped to MITRE ATT&CK and provided as Sigma YAML, with conversions offered to Splunk SPL, Sentinel KQL, Elastic, QRadar AQL and Wazuh formats. The one shown in preview:

critical · T1578.002 · Impact
WordPress Create DB Tables Plugin - Arbitrary Table Deletion Attempt - CVE-2026-4119

Treat the auto-generated mapping with care: in ATT&CK, T1578.002 is Create Cloud Instance, a Defense Evasion sub-technique, and does not describe dropping database tables; T1485 (Data Destruction, under Impact) is the closer fit.

Indicators of Compromise

ID             Type              Indicator
CVE-2026-4119  Vulnerability     CVE-2026-4119
CVE-2026-4119  Affected Product  all (versions of Create DB Tables up to 1.2.1)

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 22, 2026 at 12:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
