cleantalk
Vulnerabilities and Security Researches

New User Approve, CVE-2026-0832

CVE, Research URL

CVE-2026-0832

Home page URL

Security reports for New User Approve

Application

New User Approve

Published on
Jan 28, 2026
Research Description
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny user accounts, retrieve sensitive user information including emails and roles, and force logout of privileged users.
Affected versions
max 3.2.3.
Status
vulnerable
Previous vulnerability researches
New User Approve (CVE-2026-0832) , Apr 15, 2026
New User Approve (CVE-2022-1625) , Jun 07, 2024
New User Approve (CVE-2023-50902) , Jun 07, 2024
New User Approve (a914ab360f5373364b002ff95df35db62d4f7ca4) , Jun 07, 2024
New User Approve (CVE-2025-69063) , Feb 27, 2026
New vulnerability
FAQ Manager For Divi, Gutenberg Block & Shortcode (CVE-2023-33999) , Jun 14, 2026
TablePress – Tables in WordPress made easy (CVE-2023-33999) , Jun 14, 2026
Docket Cache – Object Cache Accelerator (CVE-2026-22492) , Jun 14, 2026
Advanced Classifieds & Directory Pro (CVE-2023-33999) , Jun 14, 2026
Display Eventbrite Events (CVE-2023-33999) , Jun 14, 2026