PT-2026-5067 · WordPress · New User Approve
Deadbee · Published 2026-01-28 · Updated 2026-02-02
CVE-2026-0832
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
New User Approve plugin for WordPress versions up to and including 3.2.2
Description
The New User Approve plugin for WordPress is susceptible to unauthorized data access and modification. This is due to a missing capability check on multiple REST API endpoints. An unauthenticated attacker can approve or deny user accounts, retrieve sensitive user information such as emails and roles, and force logout of privileged users. The affected API endpoints include those used for user approval and account management. The vulnerable functionality allows manipulation of user account status and access to user data without proper authorization.
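The missing capability check described above, as an added example that is not the plugin's own code: a hypothetical REST route registered without authorization, beside the same route gated by a permission callback. The namespace, routes, meta key, function names and the choice of `edit_users` as the gating capability are assumptions.

```php
<?php
// Added illustration, not code from the New User Approve plugin.
// The namespace, routes, meta key and function names are hypothetical.

add_action( 'rest_api_init', function () {
    // Weak: '__return_true' (or omitting permission_callback) leaves the
    // route open, so unauthenticated requests reach the callback.
    register_rest_route( 'example-approve/v1', '/open/users/(?P<id>\d+)/status', array(
        'methods'             => 'POST',
        'callback'            => 'example_set_user_status',
        'permission_callback' => '__return_true',
    ) );

    // Hardened: WordPress runs the capability check before the callback.
    register_rest_route( 'example-approve/v1', '/users/(?P<id>\d+)/status', array(
        'methods'             => 'POST',
        'callback'            => 'example_set_user_status',
        'permission_callback' => 'example_can_manage_users',
    ) );
} );

// Assumption: 'edit_users' is the capability that should gate approvals.
function example_can_manage_users() {
    if ( current_user_can( 'edit_users' ) ) {
        return true;
    }
    // Yields 401 for anonymous callers and 403 for logged-in users.
    return new WP_Error(
        'rest_forbidden',
        'You are not allowed to manage user approvals.',
        array( 'status' => rest_authorization_required_code() )
    );
}

function example_set_user_status( WP_REST_Request $request ) {
    $status = $request->get_param( 'status' );
    if ( ! in_array( $status, array( 'approved', 'denied' ), true ) ) {
        return new WP_Error( 'rest_invalid_param', 'Invalid status.', array( 'status' => 400 ) );
    }
    $user = get_userdata( (int) $request['id'] );
    if ( ! $user ) {
        return new WP_Error( 'rest_user_invalid_id', 'Invalid user ID.', array( 'status' => 404 ) );
    }
    update_user_meta( $user->ID, 'example_approval_status', $status );
    return rest_ensure_response( array( 'id' => $user->ID, 'status' => $status ) );
}
```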
Recommendations
Update the New User Approve plugin to a version beyond 3.2.2.
Fix
Weakness Enumeration
Missing Authorization
Related Identifiers
Affected Products
New User Approve