The Categorify plugin for WordPress has a security issue that allows unauthorized changes to be made to data. This is because there is a capability check missing on the categorifyAjaxClearCategory function in all versions up to and including 1.0.7.4. This means that attackers who are logged in and have at least subscriber-level access can clear categories without permission.