📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global vulnerability Higher Education CRITICAL 7h Global data_breach Government HIGH 8h Global supply_chain Software Development and Open Source Communities CRITICAL 8h Global malware Software Development CRITICAL 8h Global phishing Multiple Sectors HIGH 9h Global vulnerability Web Applications CRITICAL 9h Global apt Critical Infrastructure CRITICAL 9h Global ransomware Multiple sectors CRITICAL 10h Global supply_chain Software Development, IT Infrastructure, Technology CRITICAL 10h Global vulnerability,data_breach,general Technology, Industrial Control Systems, Telecommunications HIGH 11h Global vulnerability Higher Education CRITICAL 7h Global data_breach Government HIGH 8h Global supply_chain Software Development and Open Source Communities CRITICAL 8h Global malware Software Development CRITICAL 8h Global phishing Multiple Sectors HIGH 9h Global vulnerability Web Applications CRITICAL 9h Global apt Critical Infrastructure CRITICAL 9h Global ransomware Multiple sectors CRITICAL 10h Global supply_chain Software Development, IT Infrastructure, Technology CRITICAL 10h Global vulnerability,data_breach,general Technology, Industrial Control Systems, Telecommunications HIGH 11h Global vulnerability Higher Education CRITICAL 7h Global data_breach Government HIGH 8h Global supply_chain Software Development and Open Source Communities CRITICAL 8h Global malware Software Development CRITICAL 8h Global phishing Multiple Sectors HIGH 9h Global vulnerability Web Applications CRITICAL 9h Global apt Critical Infrastructure CRITICAL 9h Global ransomware Multiple sectors CRITICAL 10h Global supply_chain Software Development, IT Infrastructure, Technology CRITICAL 10h Global vulnerability,data_breach,general Technology, Industrial Control Systems, Telecommunications HIGH 11h
Vulnerabilities

CVE-2026-0832

High
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to,
CWE-862 — Weakness Type
Published: Jan 28, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3
7.3
🔗 NVD Official
📄 Description (English)

The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny user accounts, retrieve sensitive user information including emails and roles, and force logout of privileged users.

🤖 AI Executive Summary

The New User Approve WordPress plugin (versions ≤3.2.2) contains a critical authorization bypass in REST API endpoints, allowing unauthenticated attackers to approve/deny user registrations, access sensitive user data, and force logout of administrators. This vulnerability affects any WordPress installation using this plugin without proper capability checks, posing significant risks to user account management and data confidentiality. Immediate patching to version 3.2.3 or later is essential.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 5, 2026 09:50
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations using WordPress for government portals, banking customer onboarding systems, healthcare patient registration platforms, and e-commerce sites are at significant risk. Government entities (NCA, CITC) managing citizen registration systems, SAMA-regulated financial institutions processing customer KYC, and healthcare providers (MOH) handling patient data face critical exposure. Telecom operators (STC, Mobily) using WordPress for customer management could experience unauthorized account approvals and data breaches. The vulnerability enables account takeover scenarios and unauthorized access to sensitive personal information (emails, roles, phone numbers) stored in user databases.
🏢 Affected Saudi Sectors
Government (NCA, CITC citizen registration systems) Banking (SAMA-regulated institutions, customer onboarding) Healthcare (MOH, private hospitals, patient registration) E-commerce (retail, online services) Telecommunications (STC, Mobily, customer management) Education (university registration systems) Insurance (customer account management)
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:

1. Identify all WordPress installations using New User Approve plugin via plugin inventory audit

2. Disable the plugin immediately if version ≤3.2.2 is detected

3. Review REST API access logs for suspicious unauthenticated requests to /wp-json/new-user-approve/* endpoints



PATCHING:

1. Update New User Approve plugin to version 3.2.3 or later immediately

2. Ensure WordPress core and all other plugins are current

3. Test updates in staging environment before production deployment



COMPENSATING CONTROLS (if immediate patching delayed):

1. Implement Web Application Firewall (WAF) rules blocking unauthenticated REST API requests to /wp-json/new-user-approve/* endpoints

2. Restrict REST API access via .htaccess or nginx configuration to authenticated users only

3. Disable REST API entirely if not required: add 'define("REST_API_ENABLED", false);' to wp-config.php

4. Implement IP whitelisting for REST API endpoints



DETECTION:

1. Monitor WordPress access logs for POST/GET requests to /wp-json/new-user-approve/v1/users/approve or /wp-json/new-user-approve/v1/users/deny from unauthenticated sources

2. Alert on unusual user approval activities outside business hours

3. Track failed authentication attempts followed by REST API calls

4. Monitor for bulk user data retrieval via /wp-json/new-user-approve/v1/users endpoints



VERIFICATION:

1. Confirm plugin version post-update

2. Test REST API endpoints with unauthenticated requests to verify access is denied

3. Review user approval logs for unauthorized changes during vulnerability window
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. تحديد جميع تثبيتات ووردبريس التي تستخدم مكون New User Approve من خلال تدقيق جرد المكونات

2. تعطيل المكون فورًا إذا تم اكتشاف الإصدار ≤3.2.2

3. مراجعة سجلات وصول REST API للطلبات المريبة غير المصرح لها إلى نقاط نهاية /wp-json/new-user-approve/*



التصحيح:

1. تحديث مكون New User Approve إلى الإصدار 3.2.3 أو أحدث فورًا

2. التأكد من أن نواة ووردبريس وجميع المكونات الأخرى محدثة

3. اختبار التحديثات في بيئة التجريب قبل نشرها في الإنتاج



الضوابط البديلة (إذا تأخر التصحيح الفوري):

1. تنفيذ قواعد جدار حماية تطبيقات الويب (WAF) لحظر طلبات REST API غير المصرح لها إلى نقاط نهاية /wp-json/new-user-approve/*

2. تقييد وصول REST API عبر .htaccess أو إعدادات nginx للمستخدمين المصرح لهم فقط

3. تعطيل REST API بالكامل إذا لم يكن مطلوبًا: أضف 'define("REST_API_ENABLED", false);' إلى wp-config.php

4. تنفيذ القائمة البيضاء للعناوين IP لنقاط نهاية REST API



الكشف:

1. مراقبة سجلات وصول ووردبريس للطلبات POST/GET إلى /wp-json/new-user-approve/v1/users/approve أو /wp-json/new-user-approve/v1/users/deny من مصادر غير مصرح لها

2. تنبيه على أنشطة الموافقة على المستخدمين غير العادية خارج ساعات العمل

3. تتبع محاولات المصادقة الفاشلة متبوعة باستدعاءات REST API

4. مراقبة استرجاع بيانات المستخدم بكميات كبيرة عبر نقاط نهاية /wp-json/new-user-approve/v1/users



التحقق:

1. تأكيد إصدار المكون بعد التحديث

2. اختبار نقاط نهاية REST API مع طلبات غير مصرح لها للتحقق من رفض الوصول

3. مراجعة سجلات الموافقة على المستخدمين للتغييرات غير المصرح لها أثناء نافذة الثغرة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policy (missing capability checks) ECC 2024 A.6.1.2 - User Registration and Access Management ECC 2024 A.8.2.1 - User Access Rights Review ECC 2024 A.9.2.1 - User Access Management ECC 2024 A.12.4.1 - Event Logging (REST API access not properly controlled)
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Asset Management (unpatched plugins) SAMA CSF PR.AC-1 - Access Control Policy and Procedures SAMA CSF PR.AC-3 - Access Enforcement (missing capability checks) SAMA CSF DE.CM-1 - Detection and Analysis (monitoring REST API) SAMA CSF DE.AE-1 - Anomalies and Events (unauthorized approvals)
🟡 ISO 27001:2022
ISO 27001:2022 A.5.2 - Information Security Policies ISO 27001:2022 A.6.2 - Access Control ISO 27001:2022 A.8.1 - User Endpoint Devices ISO 27001:2022 A.8.2 - Privileged Access Rights ISO 27001:2022 A.8.3 - Information Access Restriction ISO 27001:2022 A.12.4 - Logging
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security Patches (if processing payment data) PCI DSS 7.1 - Access Control Implementation PCI DSS 8.1 - User Identification and Authentication PCI DSS 10.2 - User Access Logging
📊 CVSS Score
7.3
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredN — None / Network
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityL — Low / Local
IntegrityL — Low / Local
AvailabilityL — Low / Local
📋 Quick Facts
Severity High
CVSS Score7.3
CWECWE-862
EPSS0.09%
Exploit No
Patch ✓ Yes
Published 2026-01-28
Source Feed nvd
Views 5
🇸🇦 Saudi Risk Score
8.2
/ 10.0 — Saudi Risk
Priority: CRITICAL
🏷️ Tags
CWE-862
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram

💬 Comments

0
Loading comments
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.