Is Highland Software Custom Role Manager affected by CVE-2026-7106?

Highland Software Custom Role Manager for WordPress (versions prior to 1.0.1) contains a privilege escalation vulnerability allowing authenticated subscribers to elevate themselves to administrator, granting unrestricted control over site content, user management, and system configuration.

Highland Software Custom Role Manager CVE-2026-7106

EUVD-2026-25769 HIGH

Improper Privilege Management (CWE-269)

2026-04-27 Wordfence

WordPress Privilege Escalation

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 27, 2026 - 18:52 vuln.today

cvss_changed

Analysis Generated

Apr 27, 2026 - 03:30 vuln.today

DescriptionNVD

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrm_save_user_roles() function, which is hooked to the personal_options_update action accessible by any authenticated user. This makes it possible for authenticated attackers, with Subscriber-level access or higher, to potentially modify user roles via the profile update form.

AnalysisAI

Authenticated attackers with Subscriber-level privileges can escalate to Administrator role in Highland Software Custom Role Manager for WordPress via profile update exploitation. The hscrm_save_user_roles() function lacks capability checks on the personal_options_update hook, allowing low-privilege users to modify arbitrary user roles including their own. …

RemediationAI

Within 24 hours: Inventory all WordPress installations using Highland Software Custom Role Manager and document current version numbers. Within 7 days: Update Custom Role Manager to version 1.0.1 or later on all affected instances; verify update success by checking plugin version in WordPress admin. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-3844 CRITICAL Act Now

9.8 Apr 23

Arbitrary file upload in Breeze Cache for WordPress allows unauthenticated remote attackers to upload malicious files an

CVE-2026-4106 MEDIUM This Month POC

5.3 Apr 23

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some P

CVE-2026-5306 MEDIUM This Month POC

5.4 Apr 28

Stored XSS vulnerability in Check & Log Email WordPress plugin before version 2.0.13 allows authenticated users with low

CVE-2026-6741 HIGH This Week

8.8 Apr 27

The LatePoint - Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Esca

CVE-2026-5364 HIGH This Week

8.1 Apr 24

Remote code execution in Drag and Drop File Upload for Contact Form 7 plugin (≤1.1.3) allows unauthenticated attackers t

CVE-2026-7106 vulnerability details – vuln.today

Back

Highland Software Custom Role Manager CVE-2026-7106

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code