CVE-2023-4153: 
WordPress vulnerability analysis and mitigation

The BAN Users plugin for WordPress (CVE-2023-4153) contains a privilege escalation vulnerability affecting versions up to and including 1.5.3. The vulnerability was discovered and disclosed in September 2023, specifically related to the 'w3dev_save_ban_user_settings_callback' function which lacks proper capability checks (NVD).

The vulnerability stems from a missing capability check in the 'w3dev_save_ban_user_settings_callback' function. This security flaw has been assigned a CVSS v3.1 base score of 8.8 (HIGH), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a serious security issue with network accessibility, low attack complexity, and high impacts on confidentiality, integrity, and availability (Wordfence).

The vulnerability allows authenticated attackers with minimal permissions (such as subscriber-level access) to modify plugin settings, potentially gaining unauthorized access to ban and unban functionality. Additionally, attackers can manipulate the role of unbanned users, leading to significant privilege escalation risks (NVD).

Website administrators running the BAN Users plugin should immediately update to a version newer than 1.5.3 if available. If an update is not possible, consider disabling the plugin until a patch is available (NVD).