CVE-2013-4454: 
WordPress vulnerability analysis and mitigation

CVE-2013-4454 affects the WordPress Portable phpMyAdmin Plugin version 1.4.1. The vulnerability was discovered on July 24, 2013, and was publicly disclosed in October 2013. This security issue impacts the plugin's authentication mechanisms and information disclosure capabilities (OSS Security).

The vulnerability consists of two main issues: a PHP information disclosure vulnerability through direct access to /pma/phpinfo.php, and multiple security bypass vulnerabilities that allow unauthorized access to various database management functions. The security bypass allows direct access to multiple scripts including /pma/db_create.php, /pma/main.php, /pma/db_datadict.php, /pma/import.php, /pma/querywindow.php, /pma/server_databases.php, and /pma/server_export.php. The CVSS v3.1 base score is 9.1 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (NVD).

The vulnerability allows attackers to access sensitive database information and perform database-level operations. The plugin pulls MySQL credentials directly from wp-config.php (WordPress configuration file), giving unauthorized users access to perform all database operations available through the affected files (OSS Security).

The WordPress plugin team disabled the plugin download in the WordPress repository on September 15, 2013, until the issues are resolved. The plugin was removed from the WordPress plugin directory as a security measure (OSS Security).