The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.
https://wpscan.com/vulnerability/b93d9f9d-0fd9-49b8-b465-d32b95351912