CVE Catalog

CVE-2026-4297

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.46%

37th percentile - higher than 37% of all known CVEs

Summary

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. The missing capability check in the nc_setOption() function allows authenticated attackers with Subscriber-level access and above to update arbitrary WordPress options via XML-RPC requests.

Risk Assessment

Attackers can exploit this vulnerability to change the default_role option to 'administrator', leading to privilege escalation and site takeover.

Recommendation

It is recommended to update the plugin to the latest version to mitigate this vulnerability and to implement additional security measures for the XML-RPC interface.

Original NVD description (English source)

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the nc_setOption() function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the user via $wp_xmlrpc_server->login() (verifying credentials are valid) but does not perform any authorization check such as current_user_can('manage_options'). This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary WordPress options via XML-RPC requests. This can be leveraged to change the default_role option to 'administrator' and then register a new administrator account, achieving full privilege escalation and site takeover.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS