Skip to main content

New User Approve

3 CVEs product

Monthly

CVE-2026-25390 MEDIUM This Month

The New User Approve plugin for WordPress versions 3.2.3 and earlier contains a missing authorization check that allows authenticated users to modify access control settings beyond their intended privileges. An attacker with basic user credentials could escalate their permissions or alter security configurations without proper authorization. No patch is currently available for this vulnerability.

Authentication Bypass New User Approve
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-50902 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF New User Approve
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-1625 MEDIUM POC This Month

The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress New User Approve
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
EPSS 0% CVSS 6.5
MEDIUM This Month

The New User Approve plugin for WordPress versions 3.2.3 and earlier contains a missing authorization check that allows authenticated users to modify access control settings beyond their intended privileges. An attacker with basic user credentials could escalate their permissions or alter security configurations without proper authorization. No patch is currently available for this vulnerability.

Authentication Bypass New User Approve
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF New User Approve
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress New User Approve
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy