CVE-2023-0820: 
WordPress vulnerability analysis and mitigation

CVE-2023-0820 affects the User Role by BestWebSoft WordPress plugin versions before 1.6.7. The vulnerability was discovered and publicly disclosed on March 13, 2023. This security issue impacts WordPress installations using the affected plugin versions (WPScan).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) with a CVSS score of 7.5 (High). The security flaw exists in the plugin's role capability update functionality, where requests to update role capabilities are not protected against CSRF attacks. This vulnerability is categorized under CWE-352 and falls into the OWASP Top 10 category A2: Broken Authentication and Session Management (WPScan).

The vulnerability allows attackers to perform arbitrary privilege escalation of any role. When exploited, an attacker can manipulate a logged-in administrator to unknowingly execute actions that elevate the privileges of other roles, such as subscribers, potentially granting them full administrative access to the WordPress installation (WPScan).

The vulnerability has been patched in version 1.6.7 of the User Role by BestWebSoft plugin. Website administrators should immediately update to this version or later to protect against potential attacks (WPScan).