CVE-2022-37403: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Nikhil Vaghela's Add User Role WordPress plugin version 0.0.1 and below. The vulnerability was disclosed on August 30, 2022, and requires administrator or higher privileges for exploitation (AttackerKB, Wordfence). Due to the security concerns, the plugin was subsequently closed and removed from the WordPress plugin repository on August 29, 2022 (WordPress).

The vulnerability has been assigned a CVSS v3 Base Score of 4.8 (Medium), with an Impact Score of 2.7 and Exploitability Score of 1.7. The attack vector is Network-based (AV:N), with Low attack complexity (AC:L), requiring High privileges (PR:H) and User Interaction (UI:R). The scope is Changed (S:C), with Low impact on both Confidentiality (C:L) and Integrity (I:L), and No impact on Availability (A:N) (AttackerKB).

The vulnerability could allow authenticated users with administrative privileges to execute stored cross-site scripting attacks, potentially affecting the confidentiality and integrity of the WordPress installation (AttackerKB).

The WordPress plugin repository has removed the vulnerable plugin. Users should uninstall the Add User Role plugin from their WordPress installations as no patches are available (WordPress).