Welcome Software Publishing
Privilege escalation in the Welcome Software Publishing WordPress plugin (versions ≤ 0.0.31) allows any authenticated user with Subscriber-level access or above to update arbitrary WordPress options via the nc.setOption XML-RPC method. By modifying the default_role option to 'administrator' and registering a new account, attackers achieve full site takeover. No public exploit identified at time of analysis, but the attack pattern is trivial and well-documented for similar WordPress XML-RPC missing-capability flaws.
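For defenders, the following added example (not code from the plugin or from the advisory) flags XML-RPC request bodies that call nc.setOption and rates them critical when default_role is paired with 'administrator'. The function name, the extra option names and the sample bodies are assumptions; the plugin's real parameter order is not given here, so the check scans every string value instead of relying on positions.

```python
import re
import xml.etree.ElementTree as ET
from typing import Optional

METHOD = "nc.setOption"  # method name from the advisory
# default_role is from the advisory; the other names are assumed additions.
SENSITIVE_OPTIONS = {"default_role", "users_can_register", "admin_email"}

# Constructed samples; the parameter layout is illustrative, not the plugin's.
SAMPLE_SETOPTION = (
    "<methodCall><methodName>nc.setOption</methodName><params>"
    "<param><value><string>default_role</string></value></param>"
    "<param><value>administrator</value></param>"
    "</params></methodCall>"
)
SAMPLE_BENIGN = "<methodCall><methodName>wp.getUsersBlogs</methodName><params/></methodCall>"


def inspect_xmlrpc_body(body: str) -> Optional[dict]:
    """Return a finding for an nc.setOption call, or None for other traffic."""
    # Refuse DTDs so entity-expansion payloads never reach the parser.
    if re.search(r"<!(DOCTYPE|ENTITY)", body, re.I):
        return {"method": None, "severity": "suspicious", "options": []}
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    name = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or name != METHOD:
        return None
    strings = set()
    for value in root.iter("value"):
        node = value.find("string")
        if node is not None:
            text = node.text
        else:
            # XML-RPC treats an untyped <value> as a string.
            text = value.text if len(value) == 0 else None
        if text:
            strings.add(text.strip())
    touched = sorted(strings & SENSITIVE_OPTIONS)
    critical = "default_role" in touched and "administrator" in strings
    return {"method": METHOD, "severity": "critical" if critical else "high",
            "options": touched}


if __name__ == "__main__":
    for sample in (SAMPLE_SETOPTION, SAMPLE_BENIGN):
        print(inspect_xmlrpc_body(sample))
```

Run it over POST bodies sent to xmlrpc.php as captured by a WAF or reverse proxy; any non-None result on a site running an affected version warrants checking the current default_role value and recently registered accounts.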