Unauthorized Data Access in New User Approve Plugin for WordPress
CVE-2026-0832

7.3HIGH

Key Information:

Vendor

WordPress
Status
New User Approve
Vendor
CVE Published:
28 January 2026

What is CVE-2026-0832?

The New User Approve plugin for WordPress experiences significant security risks due to a lack of capability checks on several REST API endpoints. This vulnerability allows unauthorized individuals to manipulate user accounts by approving or denying registrations without proper authentication. Additionally, attackers can access sensitive user information, including email addresses and roles, and even enforce logouts of legitimate users, thereby compromising the integrity of the site's user management. All users of affected versions, including those up to and including version 3.2.2, should update to the latest version to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

New User Approve * <= 3.2.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/new-user-appro...
https://plugins.trac.wordpress.org/browser/new-user-appro...

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Deadbee
JSON
.