CVE-2026-7106 - Highland Software Custom Role Manager - Privilege Escalation

Overview

Highland Software Custom Role Manager plugin for WordPress <= 1.0.0 contains a privilege escalation caused by insufficient authorization checks in hscrm_save_user_roles() function, letting authenticated attackers with Subscriber-level access modify user roles via profile update form.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Authenticated attackers can escalate privileges by modifying user roles, potentially gaining administrative access.

Mitigation

Update to a version later than 1.0.0 or the latest available version.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Apr 27, 2026

🟠 CVE-2026-7106 - High (8.8) The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrm_save_user_roles() function, which is hooked t... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7106/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Apr 27, 2026

🟠 CVE-2026-7106 - High (8.8) The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrm_save_user_roles() function, which is hooked t... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7106/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

CVE-2026-7106 - Vulnerability Analysis

Overview

Severity & Score

Impact

Mitigation

References

Social Media Activity(2 posts)

Related Resources

Details

CWE

CVSS Metrics

EPSS Score