Does WelcomeUser! have any unpatched vulnerabilities?

No. All known vulnerabilities in WelcomeUser! have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WelcomeUser! compatible with WordPress 3.4.2?

According to WordPress.org data, WelcomeUser! 0.1 has been tested up to WordPress 3.4.2. Check the plugin's changelog for the latest compatibility information.

How often is WelcomeUser! updated?

WelcomeUser! was last updated on Mar 8, 2012. Frequent updates are generally a positive security signal.

What is WelcomeUser!'s security score?

WelcomeUser! has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WelcomeUser! Security & Risk Analysis

wordpress.org/plugins/welcomeuser

Add commonly seen user login links and welcome messages to the meta / utility section of your blog.

10 active installs v0.1 PHP + WP 3.1+ Updated Mar 8, 2012

adminawesomefootermessagewelcomeuser

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WelcomeUser! Safe to Use in 2026?

Generally Safe

Score 85/100

WelcomeUser! has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "welcomeuser" v0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by not utilizing dangerous functions, performing all SQL queries using prepared statements, and avoiding file operations or external HTTP requests. The absence of recorded vulnerabilities and CVEs in its history is also a strong indicator of a well-maintained or less complex plugin. However, significant concerns arise from the static analysis. The plugin lacks any nonce checks or capability checks, leaving its single entry point, a shortcode, vulnerable to unauthorized access and potential manipulation. Furthermore, a very low percentage (10%) of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data might be rendered without proper sanitization. The lack of taint analysis results does not necessarily imply safety, as the analysis might have been incomplete or the plugin's complexity did not trigger the taint engine.

Key Concerns

Missing capability checks for entry points
Missing nonce checks for entry points
Low percentage of properly escaped output

Vulnerabilities

None known

WelcomeUser! Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WelcomeUser! Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

10% escaped21 total outputs

Attack Surface

WelcomeUser! Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[nlws_wu] wu-init.php:47

WordPress Hooks 3

actionadmin_initwu-init.php:44

actionadmin_menuwu-init.php:45

actionadmin_enqueue_scriptswu-init.php:46

Maintenance & Trust

WelcomeUser! Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2

Last updatedMar 8, 2012

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WelcomeUser! Alternatives

Admin User Message

admin-user-message

Add message to users of your site. Choose wheter they can dismiss it or not.

200 No CVEs

BNS Add Widget

bns-add-widget

Add a widget area to the footer of any theme.

200 No CVEs

Hide Update Reminder Message

hide-update-reminder-message

Hides the Update Reminder in the Admin for all non Admin users.

200 No CVEs

Personal Admin Footer

personal-admin-footer

Welcome users to your dashboard with a personal 'Thank you for visiting My Site' in the footer

200 No CVEs

Custom Admin Footer Text

custom-admin-footer-text

Display custom text (or links) in the admin footer.

100 No CVEs

Developer Profile

WelcomeUser! Developer Profile

chriscarvache

3 plugins · 120 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WelcomeUser!

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/welcomeuser/css/jquery-ui-1.8.16.custom.css/wp-content/plugins/welcomeuser/js/wu.js

Script Paths

/wp-content/plugins/welcomeuser/js/wu.js

HTML / DOM Fingerprints

Shortcode Output

[nlws_wu]

FAQ

WelcomeUser! Security & Risk Analysis

Is WelcomeUser! Safe to Use in 2026?

Generally Safe

Key Concerns

WelcomeUser! Security Vulnerabilities

WelcomeUser! Code Analysis

Output Escaping

WelcomeUser! Attack Surface

Shortcodes 1

WelcomeUser! Maintenance & Trust

Maintenance Signals

Community Trust

WelcomeUser! Alternatives

Admin User Message

BNS Add Widget

Hide Update Reminder Message

Personal Admin Footer

Custom Admin Footer Text

WelcomeUser! Developer Profile

How We Detect WelcomeUser!

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about WelcomeUser!