VYPR

New User Approve

by WordPress

Source repositories

CVEs (6)

  • CVE-2026-0832HigJan 28, 2026
    risk 0.47cvss 7.3epss 0.00

    The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to…

  • CVE-2025-63030HigDec 9, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.3.

  • CVE-2024-54323MedDec 13, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 2.6.2.

  • CVE-2023-50902MedDec 29, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve.This issue affects New User Approve: from n/a through 2.5.1.

  • CVE-2022-1625MedJun 27, 2022
    risk 0.28cvss 4.3epss 0.00

    The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking…

  • CVE-2025-12770MedNov 19, 2025
    risk 0.27cvss 5.3epss 0.00

    The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally…