CVE-2022-4266: 
WordPress vulnerability analysis and mitigation

CVE-2022-4266 is a Cross-Site Request Forgery (CSRF) vulnerability discovered in the WordPress plugin 'Bulk Delete Users by Email' versions 1.2 and below. The vulnerability was publicly disclosed on December 2, 2022, and was identified by the WPScan security research team (WPScan).

The vulnerability stems from the absence of CSRF protection mechanisms in the user deletion functionality of the plugin. It has been assigned a CVSS score of 7.1 (High) and is classified under CWE-352. The vulnerability falls under the OWASP Top 10 category A2: Broken Authentication and Session Management (WPScan).

When exploited, this vulnerability allows attackers to trick authenticated administrators into deleting non-admin users from the WordPress installation by simply knowing their email addresses. The attack can be executed by making a logged-in administrator visit a specially crafted URL (WPScan).

As of the vulnerability disclosure, there is no known fix available for this security issue. Users of the affected plugin should consider implementing additional security measures or using alternative solutions until a patch is released (WPScan).