CVE-2026-0832

HIGH
2026-01-28 [email protected]
7.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 28, 2026 - 07:16 nvd
HIGH 7.3

Tags

WordPress

Description

The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny user accounts, retrieve sensitive user information including emails and roles, and force logout of privileged users.

Analysis

New User Approve (WordPress plugin) versions up to 3.2.2. is affected by missing authorization (CVSS 7.3).

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Audit all installations of New User Approve plugin and document affected versions; disable the plugin if business-critical functionality can be deferred. Within 7 days: Implement compensating controls via WAF rules to restrict unauthorized access to plugin administrative functions; review user approval logs for suspicious activity. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

37
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +36
POC: 0

Share

CVE-2026-0832 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy