This vulnerability allows any authenticated low-privilege attacker (including Subscriber-level users) to bypass authorization on database operations. Attackers can execute arbitrary DROP TABLE SQL queries to delete critical core WordPress database tables. This can result in complete destruction of the entire WordPress site.
Remediation
Update the Create DB Tables plugin to the latest patched version as soon as it is released. Uninstall the plugin immediately if no patch is available. Limit plugin installation on WordPress sites to only actively maintained, trusted tools.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.