Horizon Alert
Summary of the vulnerability and why it matters
This vulnerability in the Create DB Tables plugin for WordPress allows any authenticated user to delete existing database tables or create new ones. This could lead to the complete destruction of a WordPress site.
- Affects any authenticated user.
- Can delete or create database tables.
- Potential for complete site destruction.
Attack Path
How an attacker could exploit the issue
An attacker with any authenticated user role, even a subscriber, can exploit this flaw. They would simply log in and use the plugin's administrative endpoints to drop any database table or create new ones. This allows for complete data destruction and potentially the complete compromise of the WordPress installation.
- Requires authenticated user access.
- Targets database table creation/deletion.
- Attacker drops critical WordPress tables.
Live Threat
Current exploitation, exposure, and threat context
This vulnerability in the Create DB Tables plugin allows any authenticated user, even with basic subscriber access, to delete or create arbitrary database tables. This makes it possible to completely destroy a WordPress installation. Given the plugin's functionality and the low privilege requirement for exploitation, it is likely to be weaponized.
- Widely used platform
- Exploitable by low-privilege users
- Full site destruction possible
Priority actions
Operational Fix
Recommended remediation, mitigation, and detection steps
Prioritize immediate review of logs for unauthorized database table creation or deletion events associated with the Create DB Tables plugin. Given the critical nature and low barrier to exploitation, isolate any WordPress instances using this plugin if they are internet-facing and cannot be immediately patched. Confirm that all affected WordPress sites are identified and that the plugin is disabled or removed.
- Audit logs for malicious SQL queries.
- Disable the Create DB Tables plugin.
- Monitor for unauthorized table modifications.
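One way to carry out the log review described above, as an added example that is not part of the original alert or of the plugin: it scans MySQL general query log entries for CREATE TABLE and DROP TABLE statements and marks a dropped WordPress core table as critical. It assumes the general query log is enabled and written in its default file format, and that the site uses the default `wp_` table prefix; the function names and the sample entries are constructed for illustration.

```python
import re

# Core tables of a single-site WordPress install, without the table prefix.
CORE_TABLES = {"commentmeta", "comments", "links", "options", "postmeta", "posts",
               "termmeta", "terms", "term_relationships", "term_taxonomy",
               "usermeta", "users"}
# One general query log entry: timestamp, thread id, "Query", statement.
ENTRY = re.compile(r"^(\S+)\s+(\d+)\s+Query\s+(.*)$")
DDL = re.compile(r"^\s*(DROP|CREATE)\s+(?:TEMPORARY\s+)?TABLE\s+"
                 r"(?:IF\s+(?:NOT\s+)?EXISTS\s+)?(.+)$", re.I | re.S)

# Constructed sample entries (not taken from a real incident).
SAMPLE_LOG = [
    "2024-01-01T10:00:00.000002Z\t   11 Query\tSELECT option_value FROM wp_options",
    "2024-01-01T10:00:05.000003Z\t   12 Query\tCREATE TABLE `wp_example_table` (id INT)",
    "2024-01-01T10:00:09.000004Z\t   12 Query\tDROP TABLE IF EXISTS `wp_options`, `wp_users`",
]

def table_names(action, target):
    """Return the table names a DDL statement touches (DROP accepts a list)."""
    if action == "CREATE":  # keep only the name, not the column definitions
        target = re.split(r"[\s(]", target.strip(), maxsplit=1)[0]
    names = []
    for part in target.split(","):
        tokens = part.split()
        if tokens:
            bare = tokens[0].rstrip(";").split(".")[-1]  # drop a "db." qualifier
            names.append(bare.strip("`"))
    return names

def find_table_ddl(lines, prefix="wp_"):
    """Flag every CREATE/DROP TABLE; dropping a core table is critical."""
    findings = []
    for line in lines:
        entry = ENTRY.match(line)
        ddl = DDL.match(entry.group(3)) if entry else None
        if not ddl:
            continue
        action = ddl.group(1).upper()
        for name in table_names(action, ddl.group(2)):
            core = name.startswith(prefix) and name[len(prefix):] in CORE_TABLES
            findings.append({"time": entry.group(1), "thread": int(entry.group(2)),
                             "action": action, "table": name,
                             "severity": "critical" if action == "DROP" and core
                                         else "review"})
    return findings

if __name__ == "__main__":
    for finding in find_table_ddl(SAMPLE_LOG):
        print(finding)
```

Entries marked "review" still need a human decision, since legitimate plugin installs and updates also create or drop tables.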