The Categorify plugin for WordPress has a security issue that allows unauthorized changes to be made to its data. This is because the categorifyAjaxDeleteCategory function does not have a capability check, which is needed to ensure only authorized users can delete categories. This vulnerability exists in all versions up to and including 1.0.7.4. It means that someone with subscriber-level access or higher can delete categories even if they are not supposed to.