CVE-2022-36373: 
WordPress vulnerability analysis and mitigation

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered in the Simon Ward MP3 jPlayer WordPress plugin versions 2.7.3 and below. The vulnerability was disclosed on September 1, 2022, and was assigned the identifier CVE-2022-36373. The plugin was subsequently closed on September 5, 2022, due to these security issues (Patchstack, WordPress Plugin).

The vulnerability received a CVSS score of 5.4, indicating a low to medium severity level. The security issue falls under the OWASP Top 10 category A5: Broken Access Control. The vulnerability could be exploited by unauthenticated users, making it particularly concerning (Patchstack).

The CSRF vulnerabilities could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. This could potentially lead to unauthorized actions being performed on behalf of authenticated users (Patchstack).

No official fix was released for this vulnerability. Instead, the plugin was completely removed from the WordPress plugin repository on September 5, 2022, due to the security issues. Users were effectively required to find alternative solutions for their audio player needs (WordPress Plugin).