Description
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
Remediation
References
Related Vulnerabilities
WordPress Plugin Digg Digg Cross-Site Request Forgery (5.3.4)
WordPress Plugin WebP Converter for Media Cross-Site Request Forgery (1.0.2)
PHP Other Vulnerability (CVE-2007-0911)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.26)
WordPress Plugin jcwp youtube channel embed Cross-Site Scripting (1.5.2)