Highland Software Custom Role Manager Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in the Highland Software Custom Role Manager plugin for WordPress, affecting versions through 1.0.0. The issue arises from inadequate authorization checks in the 'hscrm_save_user_roles' function, which is linked to the 'personal_options_update' action. This action is accessible to any authenticated user, allowing attackers with Subscriber-level access or higher to potentially alter user roles via the profile update form.

Impact

Exploitation of this vulnerability allows authenticated users with Subscriber-level access or higher to modify user roles, potentially leading to unauthorized privileges.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can navigate to the profile update form. The 'Highland Software Custom Role Manager' plugin's role management feature will be available as a multi-role checkbox interface. Without proper authorization checks, the user can select and save different roles, effectively escalating privileges by assigning roles that grant more access.

Remediation

Users are advised to update the Highland Software Custom Role Manager plugin to version 1.0.1 or a newer patched version.