New User Approve

Vulnerabilities 16Slug new-user-approveLatest version 3.2.7WordPress.org →

Minimum safe version

3.2.4

Update to 3.2.4 or later to address 16 fixable vulnerabilities

Latest available3.2.7 ✓

N/A

2026-01-27< 3.2.3

New User Approve <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure

Wordfence CVE

Medium 6.5

2026-03-25< 3.2.4

CVE-2026-25390

CVE Wordfence

High 8.6

2026-02-20< 3.2.1

CVE-2025-69063

CVE Wordfence

High 7.1

2025-12-09< 3.2.4

CVE-2025-63030

CVE Wordfence

Medium 5.3

2025-11-19< 3.1.0

CVE-2025-12770

CVE Wordfence

Medium 5.4

2024-12-13< 2.6.4

CVE-2024-54323

CVE Wordfence Patchstack

Medium 6.3

2024-10-16< 2.1

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE

Medium 4.3

2024-12-26< 2.5.2

WordPress New User Approve Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Patchstack CVE Wordfence WPScan

N/A

< 2.1

New User Approve < 2.4.1 - Reflected Cross-Site Scripting

WPScan

N/A

2023-07-19< 2.5.1

WordPress New User Approve Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Patchstack WPScan CVE

N/A

2022-03-04< 2.1

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Wordfence

N/A

2022-05-30< 2.4.1

New User Approve <= 2.4 - Reflected Cross-Site Scripting

Wordfence

Medium 4.3

2022-06-27< 2.4.1

CVE-2022-1625

CVE Patchstack Wordfence WPScan

N/A

2022-06-13< 2.4.1

WordPress New User Approve plugin <= 2.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2022-02-28< 2.1

WordPress New User Approve plugin <= 2.0 - Sensitive Information Disclosure vulnerability

Patchstack

N/A

2022-02-28< 2.1

WordPress New User Approve plugin <= 2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack