
Welcome Software Publishing

1 CVE (product)


CVE-2026-4297 HIGH This Week

Privilege escalation in the Welcome Software Publishing WordPress plugin (versions ≤ 0.0.31) allows any authenticated user with Subscriber-level access or above to update arbitrary WordPress options via the nc.setOption XML-RPC method. By modifying the default_role option to 'administrator' and registering a new account, attackers achieve full site takeover. No public exploit identified at time of analysis, but the attack pattern is trivial and well-documented for similar WordPress XML-RPC missing-capability flaws.

WordPress Authentication Bypass Privilege Escalation Welcome Software Publishing
NVD
CVSS 3.1: 8.8
EPSS: 0.5%
