Description
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
Remediation
References