A plugin called Categorify used in WordPress has a security issue where data can be changed without permission. This is because the categorifyAjaxRenameCategory function in versions 1.0.7.4 and below does not have a check to make sure only authorized users can make changes. This means that someone who is logged in and has subscriber-level access or higher can rename categories without permission.