Unauthorized Data Access in New User Approve Plugin for WordPress
CVE-2026-0832

7.3HIGH

Key Information:

Vendor: WordPress
Status: New User Approve
Vendor: CVE Published:; 28 January 2026

What is CVE-2026-0832?

The New User Approve plugin for WordPress experiences significant security risks due to a lack of capability checks on several REST API endpoints. This vulnerability allows unauthorized individuals to manipulate user accounts by approving or denying registrations without proper authentication. Additionally, attackers can access sensitive user information, including email addresses and roles, and even enforce logouts of legitimate users, thereby compromising the integrity of the site's user management. All users of affected versions, including those up to and including version 3.2.2, should update to the latest version to mitigate these risks.

Affected Version(s)

New User Approve 0 <= 3.2.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/new-user-appro...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2026
Vulnerability Reserved
Jan 9, 2026

Credit

Deadbee

CVE-2026-0832 Data

JSON