CVE-2026-7106
Received Received - Intake
Privilege Escalation in Highland Software Role Manager Plugin

Publication date: 2026-04-27

Last updated on: 2026-04-27

Assigner: Wordfence

Description
The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrm_save_user_roles() function, which is hooked to the personal_options_update action accessible by any authenticated user. This makes it possible for authenticated attackers, with Subscriber-level access or higher, to potentially modify user roles via the profile update form.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-27
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7106
EUVD
EUVD-2026-25769
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
highland_software custom_role_manager to 1.0.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows authenticated attackers with Subscriber-level access or higher to escalate privileges by modifying user roles. This can lead to unauthorized access to sensitive data or administrative functions.

Such unauthorized privilege escalation can impact compliance with standards like GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information.

If exploited, this vulnerability could result in data breaches or unauthorized data modifications, potentially violating regulatory requirements for data confidentiality, integrity, and access management.

Executive Summary

The Highland Software Custom Role Manager plugin for WordPress has a vulnerability that allows privilege escalation. This occurs because the function hscrm_save_user_roles(), which updates user roles, does not properly check authorization. Since this function is triggered by the personal_options_update action, any authenticated user, even those with only Subscriber-level access, can potentially modify user roles through the profile update form.

Impact Analysis

This vulnerability can have a significant impact because it allows an authenticated user with low-level access (such as a Subscriber) to escalate their privileges by changing user roles. This could lead to unauthorized access to administrative functions, data modification, or other high-level actions within the WordPress site, potentially compromising the entire site’s security.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7106. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart