The Create DB Tables plugin for WordPress versions up to 1.2.1 contains a critical authorization bypass vulnerability. The plugin fails to implement proper capability checks or nonce verification for admin_post action hooks, allowing any authenticated user including Subscribers to access table creation and deletion endpoints. Attackers can exploit the cdbt_delete_db_table() function to execute DROP TABLE SQL queries against any database table, including critical WordPress core tables like wp_users or wp_options. The vulnerability also allows creation of arbitrary database tables through the cdbt_create_new_table() function, potentially enabling complete destruction of WordPress installations.