Welcome Software Publishing Security & Risk Analysis

wordpress.org/plugins/newscred-publishing

Supercharge your Welcome Software CMP experience with this plugin.

40 active installs v0.0.31 PHP + WP 6.0+ Updated Feb 18, 2024
cmccontentnewscredpublishingwelcomesoftware
60
C · Use Caution
CVEs total1
Unpatched1
Last CVEJun 23, 2026
Download
Safety Verdict

Is Welcome Software Publishing Safe to Use in 2026?

Use With Caution

Score 60/100

Welcome Software Publishing has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 23, 2026Updated 2yr ago
Risk Assessment

The newscred-publishing plugin version 0.0.31 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs, critical taint flows, dangerous functions, or direct SQL queries is highly positive. The plugin also demonstrates good practices with 100% of SQL queries using prepared statements and at least one capability check. However, there are areas for improvement. The output escaping is only 60% properly handled, indicating a potential risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is rendered without adequate sanitization. Furthermore, the lack of any detected nonce checks or clear permission callbacks on its (albeit zero) entry points suggests a potential blind spot in how these mechanisms are implemented or assessed. The plugin's minimal attack surface (0 entry points) is a significant strength, but the lack of specific detail on how the single file operation and capability check are secured leaves room for concern.

Key Concerns

  • Output escaping only 60% proper
  • No nonce checks detected
  • No permission callbacks on REST API
  • File operations without clear security context
Vulnerabilities
1 published

Welcome Software Publishing Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2026-4297high · 8.8Missing Authorization

Welcome Software Publishing <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation via 'nc.setOption' XML-RPC Method

Jun 23, 2026Unpatched
Version History

Welcome Software Publishing Release Timeline

v0.0.31Current1 CVE
v0.0.301 CVE
v0.0.291 CVE
v0.0.281 CVE
v0.0.271 CVE
v0.0.261 CVE
v0.0.251 CVE
v0.0.241 CVE
v0.0.231 CVE
v0.0.221 CVE
v0.0.211 CVE
v0.0.201 CVE
v0.0.191 CVE
v0.0.181 CVE
v0.0.171 CVE
v0.0.161 CVE
v0.0.151 CVE
v0.0.141 CVE
v0.0.131 CVE
v0.0.121 CVE
Code Analysis
Analyzed Apr 16, 2026

Welcome Software Publishing Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
3 escaped
Nonce Checks
0
Capability Checks
1
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

60% escaped5 total outputs
Attack Surface

Welcome Software Publishing Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
filterxmlrpc_methodsnewscred.php:14
actioninitnewscred.php:21
actionwp_headnewscred.php:23
actionwp_headnewscred.php:24
actionwp_headnewscred.php:25
filterposts_resultsnewscred.php:27
filteruser_has_capnewscred.php:29
actionparse_querynewscred.php:34
filterxmlrpc_prepare_postyoast.php:3
Maintenance & Trust

Welcome Software Publishing Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedFeb 18, 2024
PHP min version
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs40
Developer Profile

Welcome Software Publishing Developer Profile

newscred

1 plugin · 40 total installs

66
trust score
Avg Security Score
60/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Welcome Software Publishing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/newscred-publishing/newscred-publishing.js/wp-content/plugins/newscred-publishing/editor.js
Script Paths
/wp-content/plugins/newscred-publishing/newscred-publishing.js/wp-content/plugins/newscred-publishing/editor.js

HTML / DOM Fingerprints

Data Attributes
nc-preview-token
JS Globals
nc_preview_tokennc_preview_link
FAQ

Frequently Asked Questions about Welcome Software Publishing