[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWBHiqJ93aQe5Hlxq1NA5fQVAso3q9CoGjdr7mrfMxqQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":140,"crawl_stats":37,"alternatives":148,"analysis":240,"fingerprints":853},"new-user-approve","New User Approve","3.2.4","Saad Iqbal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaadiqbal\u002F","\u003Cp>🚀 \u003Ca href=\"https:\u002F\u002Fnewuserapprove.com\u002Fpricing\u002F?utm_source=wp_org&utm_medium=read_me\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> | 📘 \u003Ca href=\"https:\u002F\u002Fnewuserapprove.com\u002Fdocumentation\u002Fintroduction\u002F?utm_source=wp_org&utm_medium=read_me\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> | 📱 \u003Ca href=\"https:\u002F\u002Fnewuserapprove.com\u002Fmobile-app\u002F?utm_source=wp_org&utm_medium=read_me\" rel=\"nofollow ugc\">Mobile App\u003C\u002Fa> | 💬 \u003Ca href=\"https:\u002F\u002Fnewuserapprove.com\u002Fget-in-touch\u002F?utm_source=wp_org&utm_medium=read_me\" rel=\"nofollow ugc\">Contact Us\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FKlhWmlfuaVg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Running a WordPress site is exciting but it also means you’re constantly battling spam registrations, fake accounts, and unwanted users. New User Approve works as a default WordPress registration system that does not let anyone sign up and instantly gain access. Because its your responsibility as a site owner as exactly who’s allowed into your site before any user log in.\u003C\u002Fp>\n\u003Cp>New User Approve comes is a powerful WordPress user approval plugin that puts you in full control of your community, membership site, online store, or private portal. With this manual user approval plugin, you can moderate user registration, protect your content, and keep your website free from unwanted registration requests.\u003Cbr \u002F>\nWhether you want to restrict user access before approval, prevent fake user signups, or simply make sure every new member is legit, New User Approve makes it easy, professional, and efficient.\u003C\u002Fp>\n\u003Ch3>⭐ New User Approve Offers Mobile App for Faster User Approvals ⭐\u003C\u002Fh3>\n\u003Cp>New User Approve also includes a dedicated mobile app that lets you manage registrations without opening your WordPress dashboard. It gives you quick access to every pending user and keeps your site protected even when you are away from your computer.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With the mobile app, you can:\u003C\u002Fstrong>\u003Cbr \u002F>\n⚡ Review complete user profiles in a clean, mobile-friendly layout\u003Cbr \u002F>\n⚡ Approve or deny registrations with single tap\u003Cbr \u002F>\n⚡ Verify identities with clear, mobile-friendly user profiles\u003Cbr \u002F>\n⚡ Keep full control of who joins your site without logging into WordPress\u003Cbr \u002F>\n⚡ Stay updated with instant push notifications for every new signup\u003C\u002Fp>\n\u003Cp>This feature ensures you never miss an approval request and keeps your site consistently secure, responsive, and easy to manage from anywhere.\u003C\u002Fp>\n\u003Ch3>⭐ Why You Need New User Approve ⭐\u003C\u002Fh3>\n\u003Cp>Imagine running a membership site, community forum, or private business portal where quality and security matter. The last thing you want is spam bots flooding your database or strangers sneaking into confidential areas.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New User Approve helps you:\u003C\u002Fstrong>\u003Cbr \u002F>\n⚡ \u003Cstrong>Stop spam registrations\u003C\u002Fstrong> and fake accounts before they ever log in\u003Cbr \u002F>\n⚡ \u003Cstrong>Verify user identities\u003C\u002Fstrong> by reviewing each signup manually\u003Cbr \u002F>\n⚡ Maintain \u003Cstrong>complete control\u003C\u002Fstrong> over who becomes part of your community\u003Cbr \u002F>\n⚡ Create a \u003Cstrong>safe, trusted space\u003C\u002Fstrong> for your members or customers\u003C\u002Fp>\n\u003Cp>Unlike generic WordPress plugins that simply hide login pages, New User Approve adds a true \u003Cstrong>user verification before approval\u003C\u002Fstrong> process. It gives you confidence to grow your site without worrying about who’s lurking behind those new user accounts.\u003C\u002Fp>\n\u003Ch3>🛠 How It Works\u003C\u002Fh3>\n\u003Cp>Here’s how \u003Cstrong>New User Approve\u003C\u002Fstrong>, your go-to \u003Cstrong>member approval plugin\u003C\u002Fstrong>, transforms your registration flow:\u003C\u002Fp>\n\u003Cp>When someone registers on your WordPress site, you’ll receive an email alert. You can then decide to approve or deny their account. The plugin automatically emails the user to let them know the outcome.\u003C\u002Fp>\n\u003Cp>👁If approved, the user receives their login details and can access your site immediately.\u003Cbr \u002F>\n👁If denied, they’ll be kept out—and can’t even log in.\u003Cbr \u002F>\n👁Pending users stay locked out until you make a decision.\u003C\u002Fp>\n\u003Cp>This makes it simple to \u003Cstrong>restrict user access before approval\u003C\u002Fstrong> and ensure only the right people become part of your online community.\u003C\u002Fp>\n\u003Cp>Already have users on your website? No problem.\u003C\u002Fp>\n\u003Cp>Existing users stay approved automatically when you install New User Approve. You can also change someone’s approval status at any time, with easy search tools for managing pending, approved, or denied users.\u003C\u002Fp>\n\u003Ch3>⌛ Save Time with Zapier Automation\u003C\u002Fh3>\n\u003Cp>Want to work smarter? Connect \u003Cstrong>New User Approve\u003C\u002Fstrong> to Zapier to automate routine tasks.\u003Cbr \u002F>\nFor example:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Trigger a Slack message when a user is approved\u003C\u002Fli>\n\u003Cli>Add approved users to a Google Sheet\u003C\u002Fli>\n\u003Cli>Send emails through Gmail when someone’s denied\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Zapier, you can integrate the plugin with thousands of apps without writing a single line of code. It’s perfect for businesses looking to streamline their processes while maintaining strict \u003Cstrong>user verification before approval.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>🤝 Invite Trusted Users Instantly\u003C\u002Fh3>\n\u003Cp>Sometimes you want trusted people—like staff, VIPs, or clients—to skip the approval queue. With New User Approve’s invitation codes, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>📜 Generate unique codes manually or automatically\u003C\u002Fli>\n\u003Cli>💳 Give those codes to users so they’re \u003Cstrong>auto-approved\u003C\u002Fstrong> upon registration\u003C\u002Fli>\n\u003Cli>💻 Manage, edit, or disable codes anytime\u003C\u002Fli>\n\u003Cli>🛒 Seamlessly integrate codes with WooCommerce registrations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This feature makes it easier than ever to onboard important members without sacrificing security.\u003C\u002Fp>\n\u003Ch3>☀ A Fresh New Interface\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>New User Approve\u003C\u002Fstrong> has been redesigned with a crisp, modern look that’s clean and user-friendly. The updated interface is intuitive for admins and gives users confidence in your website’s professionalism.\u003C\u002Fp>\n\u003Cp>Whether you’re a WordPress beginner or seasoned WordPress user, managing new user approvals has never been easier or looked this good.\u003C\u002Fp>\n\u003Ch3>⭐ Compatible with Top Plugins\u003C\u002Fh3>\n\u003Cp>New User Approve integrates beautifully with popular WordPress plugins, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>MemberPress\u003C\u002Fli>\n\u003Cli>WP-Foro\u003C\u002Fli>\n\u003Cli>LearnDash\u003C\u002Fli>\n\u003Cli>Ultimate Member\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>So, whether you’re running a store, a membership site, or a thriving online community, this user approval plugin fits right in.\u003C\u002Fp>\n\u003Ch3>🖍 Customize Everything\u003C\u002Fh3>\n\u003Cp>For those who want complete flexibility, New User Approve lets you customize nearly every step of the user approval process:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tailor the welcome message above the login or registration form\u003C\u002Fli>\n\u003Cli>Personalize messages for pending or denied users\u003C\u002Fli>\n\u003Cli>Craft unique notification emails for users and admins\u003C\u002Fli>\n\u003Cli>Suppress denial notifications if preferred\u003C\u002Fli>\n\u003Cli>Use HTML formatting in emails for a branded, professional look\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There’s even a commercial add-on available at \u003Ca href=\"https:\u002F\u002Fnewuserapprove.com\u002Fpricing\u002F?utm_source=wp_org&utm_medium=read_me\" rel=\"nofollow ugc\">New User Approve\u003C\u002Fa> that unlocks additional powerful features for businesses and growing sites.\u003C\u002Fp>\n\u003Ch3>📌 Documentation\u003C\u002Fh3>\n\u003Cp>Need help getting started? \u003Ca href=\"https:\u002F\u002Fnewuserapprove.com\u002F?utm_source=wp_org&utm_medium=read_me\" rel=\"nofollow ugc\">View the detailed technical documentation here\u003C\u002Fa>. It walks you through every step of installing and configuring \u003Cstrong>New User Approve\u003C\u002Fstrong>, plus troubleshooting tips if you get stuck.\u003C\u002Fp>\n\u003Ch3>🔥 New User Approve Pro Features\u003C\u002Fh3>\n\u003Cp>Upgrade to the premium version for advanced features like:\u003C\u002Fp>\n\u003Cp>✔ Customizable Email Notifications\u003Cbr \u002F>\n✔ Invite-Only Registration\u003Cbr \u002F>\n✔ Bulk Invitation Code Generator\u003Cbr \u002F>\n✔ Email Invitation Codes\u003Cbr \u002F>\n✔ Import Invitation Codes\u003Cbr \u002F>\n✔ Auto-Approve Trusted Email Domains\u003Cbr \u002F>\n✔ Blacklist Generic or Suspicious Email Domains\u003Cbr \u002F>\n✔ Registration Deadlines\u003Cbr \u002F>\n✔ Auto-Approve Selected User Roles\u003Cbr \u002F>\n✔ User Role Change Requests\u003Cbr \u002F>\n✔ Extended Zapier Triggers\u003C\u002Fp>\n\u003Ch3>✨ Translations\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>New User Approve\u003C\u002Fstrong> is already available in many languages thanks to an amazing community of translators. You can help expand translations further with tools like Poedit.\u003C\u002Fp>\n\u003Cp>Current supported languages include:\u003C\u002Fp>\n\u003Cp>Belarusian, Brazilian Portuguese, Bulgarian, Catalan, Croatian, Czech, Danish, Dutch, Estonian, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Lithuanian, Persian, Polish, Romanian, Russian, Serbo-Croatian, Slovak, Spanish, Swedish.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New User Approve\u003C\u002Fstrong> isn’t just a plugin. It’s your ultimate solution for user verification before approval, helping you moderate user registration, prevent fake user signups, and stop spam registrations for good.\u003Cbr \u002F>\nIf you need a reliable manual user approval plugin for WordPress, get it now!\u003C\u002Fp>\n","WordPress user approval plugin to moderate registrations. Approve or deny real users and prevent fake signups to control who registers on site.",20000,847425,86,130,"2026-02-10T07:30:00.000Z","6.9.4","4.0","",[20,21,22,23,24],"registration","user-approval","user-management","user-registration","users","http:\u002F\u002Fnewuserapprove.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnew-user-approve.zip",8,0,"2026-02-11 00:00:00","2026-03-15T15:16:48.613Z",[32,48,63,76,90,102,116,130],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-69063","new-user-approve-missing-authorization","New User Approve \u003C= 3.2.0 - Missing Authorization","The New User Approve plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.2.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.",null,"\u003C=3.2.0","3.2.1","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-02-17 15:03:00",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5fcf9a7f-e48c-40a7-9af8-6a2e631ef6e3?source=api-prod",7,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":43,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2026-0832","new-user-approve-missing-authorization-to-unauthenticated-arbitrary-user-approval-denial-and-information-disclosure","New User Approve \u003C= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure","The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny user accounts, retrieve sensitive user information including emails and roles, and force logout of privileged users.","\u003C=3.2.2","3.2.3","high",7.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L","2026-01-27 17:49:02","2026-01-28 06:43:46",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff86a69ab-2fc5-4c84-872b-929dbec429cd?source=api-prod",1,{"id":64,"url_slug":65,"title":66,"description":67,"plugin_slug":4,"theme_slug":37,"affected_versions":68,"patched_in_version":69,"severity":40,"cvss_score":41,"cvss_vector":70,"vuln_type":71,"published_date":72,"updated_date":73,"references":74,"days_to_patch":62},"CVE-2025-12770","new-user-approve-unauthenticated-sensitive-information-disclosure-via-type-juggling","New User Approve \u003C= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling","The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable information (PII), including usernames and email addresses of users with various approval statuses via the Zapier REST API endpoints, by exploiting PHP type juggling with the api_key parameter set to \"0\" on sites where the Zapier API key has not been configured.","\u003C=3.0.9","3.1.0","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2025-11-18 15:26:02","2025-11-19 14:25:58",[75],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3f1cf77a-64b4-405b-adcb-ef16d9e82ab2?source=api-prod",{"id":77,"url_slug":78,"title":79,"description":80,"plugin_slug":4,"theme_slug":37,"affected_versions":81,"patched_in_version":6,"severity":40,"cvss_score":82,"cvss_vector":83,"vuln_type":84,"published_date":85,"updated_date":86,"references":87,"days_to_patch":89},"CVE-2025-63030","new-user-approve-cross-site-request-forgery","New User Approve \u003C= 3.2.3 - Cross-Site Request Forgery","The New User Approve plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=3.2.3",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-11-08 00:00:00","2026-02-26 15:23:26",[88],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1fe73b99-f113-4514-ae13-e22f897608b2?source=api-prod",111,{"id":91,"url_slug":92,"title":93,"description":94,"plugin_slug":4,"theme_slug":37,"affected_versions":95,"patched_in_version":96,"severity":40,"cvss_score":82,"cvss_vector":97,"vuln_type":43,"published_date":98,"updated_date":99,"references":100,"days_to_patch":27},"CVE-2024-54323","new-user-approve-missing-authorization-2","New User Approve \u003C= 2.6.2 - Missing Authorization","The New User Approve plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the _admin_notices_hook function in versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with contributor-level access and above, to read notices intended for admins.","\u003C=2.6.2","2.6.4","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","2024-12-11 00:00:00","2024-12-19 09:07:26",[101],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6c00e07a-7a0b-4cfa-8f6b-b03e3b485f07?source=api-prod",{"id":103,"url_slug":104,"title":105,"description":106,"plugin_slug":4,"theme_slug":37,"affected_versions":107,"patched_in_version":108,"severity":40,"cvss_score":109,"cvss_vector":110,"vuln_type":84,"published_date":111,"updated_date":112,"references":113,"days_to_patch":115},"CVE-2023-50902","new-user-approve-cross-site-request-forgery-via-adminnotices","New User Approve \u003C= 2.5.1 - Cross-Site Request Forgery via admin_notices","The New User Approve plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the admin_notices function. This makes it possible for unauthenticated attackers to dismiss admin notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=2.5.1","2.5.2",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-12-26 00:00:00","2024-01-22 19:56:02",[114],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3abde27c-8234-4146-9e55-ea20b275ca48?source=api-prod",28,{"id":117,"url_slug":118,"title":119,"description":120,"plugin_slug":4,"theme_slug":37,"affected_versions":121,"patched_in_version":122,"severity":123,"cvss_score":124,"cvss_vector":125,"vuln_type":84,"published_date":126,"updated_date":112,"references":127,"days_to_patch":129},"CVE-2022-1625","new-user-approve-cross-site-request-forgery-2","New User Approve \u003C= 2.4 - Cross-Site Request Forgery","The New User Approve WordPress plugin before 2.4.1 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.","\u003C=2.4","2.4.1","critical",9.6,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:H\u002FI:H\u002FA:H","2022-06-01 00:00:00",[128],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9e6365ab-30c5-4bec-a5f3-b0812ae8a609?source=api-prod",601,{"id":131,"url_slug":132,"title":133,"description":134,"plugin_slug":4,"theme_slug":37,"affected_versions":121,"patched_in_version":122,"severity":40,"cvss_score":109,"cvss_vector":110,"vuln_type":135,"published_date":136,"updated_date":112,"references":137,"days_to_patch":139},"WF-b8e3f779-9d25-4525-a827-8ce743bd889e-new-user-approve","new-user-approve-reflected-cross-site-scripting","New User Approve \u003C= 2.4 - Reflected Cross-Site Scripting","The New User Approve plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in versions up to, and including, 2.4 . This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-05-30 00:00:00",[138],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb8e3f779-9d25-4525-a827-8ce743bd889e?source=api-prod",603,{"slug":141,"display_name":7,"profile_url":8,"plugin_count":142,"total_installs":143,"avg_security_score":144,"avg_patch_time_days":145,"trust_score":146,"computed_at":147},"saadiqbal",84,1428520,96,287,76,"2026-04-03T21:31:19.543Z",[149,167,187,206,224],{"slug":150,"name":151,"version":152,"author":153,"author_profile":154,"description":155,"short_description":156,"active_installs":28,"downloaded":157,"rating":28,"num_ratings":28,"last_updated":158,"tested_up_to":159,"requires_at_least":160,"requires_php":161,"tags":162,"homepage":18,"download_link":165,"security_score":166,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"webdesk-approval-manager","WebDesk Approval Manager","1.0.1","WebDesk Solution","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebdesksolution\u002F","\u003Cp>\u003Cstrong>WebDesk Approval Manager\u003C\u002Fstrong> allows admins to take full control of customer registrations. Approve or reject new registrations manually or automate approvals based on predefined criteria. Customize registration forms with dynamic fields and send automatic email notifications for approvals or rejections.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Dynamic Form Fields:\u003C\u002Fstrong> Add and manage custom fields (text, email, select, radio, checkbox, etc.) from the backend.\u003Cbr \u002F>\n– \u003Cstrong>Approval & Rejection System:\u003C\u002Fstrong> View and manage customer submissions with detailed status tracking.\u003Cbr \u002F>\n– \u003Cstrong>Email Notifications:\u003C\u002Fstrong> Send customizable emails for approval and rejection.\u003Cbr \u002F>\n– \u003Cstrong>User-Friendly Interface:\u003C\u002Fstrong> Simplified admin tools for easy management.\u003Cbr \u002F>\n– \u003Cstrong>Highly Customizable:\u003C\u002Fstrong> Tailor the plugin to your business needs.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Ch3>\u003Cstrong>1. Customer Management\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>View the customer list in the admin panel.\u003C\u002Fli>\n\u003Cli>Approve or reject submissions and add comments.\u003C\u002Fli>\n\u003Cli>Track approval status for all customers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>2. Email Notifications\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Customize approval\u002Frejection email templates.\u003C\u002Fli>\n\u003Cli>Use placeholders like \u003Ccode>{{name}}\u003C\u002Fcode> and \u003Ccode>{{email}}\u003C\u002Fcode> for personalized messages.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>3. Form Customization\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Go to \u003Cstrong>Dashboard > Customer Approval\u003C\u002Fstrong> to add and manage dynamic fields.\u003C\u002Fli>\n\u003Cli>Support for text, email, radio, checkboxes, and dropdown fields.\u003C\u002Fli>\n\u003Cli>Set required fields and validation rules.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>4. Frontend Form\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Use the shortcode \u003Ccode>[webdesk_approval_registration_form]\u003C\u002Fcode> to display the form on any page or post.\u003C\u002Fli>\n\u003Cli>Use the shortcode \u003Ccode>[webdesk_approval_login_form]\u003C\u002Fcode> to display the login form.\u003C\u002Fli>\n\u003Cli>The form updates dynamically based on backend configurations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Cp>For support, feature requests, or bug reports, please contact us at support@webdeskinc.com.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GNU General Public License v2.0 or later.\u003Cbr \u002F>\nSee \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa> for details.\u003C\u002Fp>\n","A WordPress plugin for managing customer approval workflows, dynamic frontend forms, and customer approval\u002Frejection with email notifications.",339,"2025-07-31T07:25:00.000Z","6.8.5","6.0","7.4",[163,164,21,22,23],"custom-registration-form","email-notifications","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebdesk-approval-manager.1.0.1.zip",100,{"slug":168,"name":169,"version":170,"author":171,"author_profile":172,"description":173,"short_description":174,"active_installs":175,"downloaded":176,"rating":28,"num_ratings":28,"last_updated":177,"tested_up_to":16,"requires_at_least":178,"requires_php":179,"tags":180,"homepage":185,"download_link":186,"security_score":166,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"fake-user-detector","Fake User Detector","1.0.3","PluginRx","https:\u002F\u002Fprofiles.wordpress.org\u002Fapos37\u002F","\u003Cp>Fake User Detector helps WordPress site owners identify and flag suspicious user accounts after they have already registered.\u003C\u002Fp>\n\u003Cp>This plugin does not prevent or block registrations. Instead, it analyzes user data post-registration to highlight accounts that appear automated, fake, or low-quality, making it easier to review and remove them manually.\u003C\u002Fp>\n\u003Cp>Fake User Detector is designed as a cleanup and review tool, not a registration firewall. It works well alongside other plugins that handle CAPTCHA, email verification, honeypots, or other signup prevention techniques.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Post-Registration Analysis:\u003C\u002Fstrong> Evaluates user accounts after creation to identify suspicious patterns.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gibberish Detection:\u003C\u002Fstrong> Flags accounts with non-human patterns like too many uppercase letters, no vowels, or clusters of consonants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Symbol and Number Filters:\u003C\u002Fstrong> Detects unnatural use of digits or special characters in names.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Detection Rules:\u003C\u002Fstrong> Enable or disable individual checks to suit your site’s user base.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flag for Review:\u003C\u002Fstrong> Suspicious accounts are flagged and marked for potential deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Notice:\u003C\u002Fstrong> Quickly see how many flagged users exist from your admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scan Existing Users:\u003C\u002Fstrong> Scan the users admin list table for suspicious accounts so you can easily delete them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravity Forms Integration:\u003C\u002Fstrong> If using Gravity Forms User Registration, the plugin optionally runs validation checks on registrations submitted via forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Add or customize detection logic with your own functions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Detection Checks Include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manually flagged by admin\u003C\u002Fli>\n\u003Cli>Excessive uppercase letters (more than 5 in a name unless all caps)\u003C\u002Fli>\n\u003Cli>No vowels in names longer than 5 characters\u003C\u002Fli>\n\u003Cli>Six or more consecutive consonants in a name\u003C\u002Fli>\n\u003Cli>Presence of numbers in names\u003C\u002Fli>\n\u003Cli>Presence of special characters other than letters, numbers, and dashes\u003C\u002Fli>\n\u003Cli>Similarity between first and last name (exact match or one includes the other)\u003C\u002Fli>\n\u003Cli>Very short names (2 characters)\u003C\u002Fli>\n\u003Cli>Invalid or disposable email domains\u003C\u002Fli>\n\u003Cli>Excessive periods in email address (more than 3)\u003C\u002Fli>\n\u003Cli>Username containing URL patterns (\u003Ccode>http\u003C\u002Fcode>, \u003Ccode>https\u003C\u002Fcode>, or \u003Ccode>www\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Known spam words in user bio or name\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Fake User Detector is ideal for membership sites, communities, forums, or any WordPress site that allows user registration and needs a practical way to review and clean up suspicious accounts that already exist.\u003C\u002Fp>\n","Detect and flag suspicious existing user accounts using simple checks to help clean up fake or low-quality registrations.",30,214,"2025-12-24T20:28:00.000Z","5.9","8.0",[181,182,183,184,23],"account-flagging","bot-detection","fake-users","spam","https:\u002F\u002Fpluginrx.com\u002Fplugin\u002Ffake-user-detector\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffake-user-detector.1.0.3.zip",{"slug":188,"name":189,"version":190,"author":191,"author_profile":192,"description":193,"short_description":194,"active_installs":195,"downloaded":196,"rating":166,"num_ratings":62,"last_updated":197,"tested_up_to":16,"requires_at_least":198,"requires_php":199,"tags":200,"homepage":204,"download_link":205,"security_score":166,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"user-approval-manager","User Approval Manager","1.0.5","Sotiris Rallios","https:\u002F\u002Fprofiles.wordpress.org\u002Fsrallios\u002F","\u003Cp>\u003Cstrong>User Approval Manager\u003C\u002Fstrong> adds an approval layer to WordPress user registration.\u003C\u002Fp>\n\u003Cp>When a new user registers, the plugin prevents immediate login and notifies the site administrator(s) by email. The administrator can approve or reject the user directly via action buttons included in the email.\u003C\u002Fp>\n\u003Cp>At the same time, the user receives an automatic email informing them that their account is pending approval. Once approved, the user is notified and can log in normally.\u003C\u002Fp>\n\u003Cp>This plugin is ideal for:\u003Cbr \u002F>\n– Membership websites\u003Cbr \u002F>\n– B2B platforms\u003Cbr \u002F>\n– Private communities\u003Cbr \u002F>\n– WooCommerce stores requiring verified customers\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Blocks login for newly registered users until approved\u003C\u002Fli>\n\u003Cli>Sends notification email to up to \u003Cstrong>two administrator email addresses\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Approve or reject users directly from email buttons\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reset password button\u003C\u002Fstrong> — use the {reset_password_button} placeholder in the User Approval Email to send new users a one-click “Set Password” link (respects custom login URLs and wp_lang)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-approval checkbox\u003C\u002Fstrong> — optionally auto-approve new users so they can log in immediately without manual approval\u003C\u002Fli>\n\u003Cli>Sends automatic status emails to users (pending \u002F approved)\u003C\u002Fli>\n\u003Cli>Simple configuration via WordPress admin\u003C\u002Fli>\n\u003Cli>Lightweight and focused — no unnecessary complexity\u003C\u002Fli>\n\u003C\u002Ful>\n","Requires administrator approval before new users can log in. Sends email notifications to admins and users during the approval process.",20,351,"2026-02-20T21:31:00.000Z","5.0","7.2",[201,202,203,21,23],"admin-approval","login-control","security","https:\u002F\u002Fwww.rallios.gr\u002Fportfolio\u002Fuser-approval-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-approval-manager.1.0.5.zip",{"slug":207,"name":208,"version":152,"author":209,"author_profile":210,"description":211,"short_description":212,"active_installs":213,"downloaded":214,"rating":28,"num_ratings":28,"last_updated":215,"tested_up_to":18,"requires_at_least":216,"requires_php":217,"tags":218,"homepage":221,"download_link":222,"security_score":223,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"registration-and-authorization","IQ Authorization","LumpX","https:\u002F\u002Fprofiles.wordpress.org\u002Flumpx\u002F","\u003Cp>Advanced form of authorization and registration of your users\u003C\u002Fp>\n","Advanced form of authorization and registration of your users",10,685,"2023-03-04T16:12:00.000Z","5.2","5.4",[219,220,20,23],"authorization","authorization-users","https:\u002F\u002Flumpx.com\u002Fwp-plugins\u002Fiq-authorization","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fregistration-and-authorization.1.0.1.zip",85,{"slug":225,"name":226,"version":227,"author":228,"author_profile":229,"description":230,"short_description":231,"active_installs":28,"downloaded":232,"rating":28,"num_ratings":28,"last_updated":233,"tested_up_to":159,"requires_at_least":198,"requires_php":161,"tags":234,"homepage":238,"download_link":239,"security_score":166,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"subscription-system","Subscription System","1.0.14","joeyoungblood","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoeyoungblood\u002F","\u003Cp>Subscription System is a comprehensive WordPress plugin that provides a complete user registration and login solution for your website. With easy-to-use shortcodes and a user-friendly admin interface, you can quickly set up subscription forms and manage user registrations.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>User Registration Forms\u003C\u002Fstrong> – Create beautiful registration forms with username, email, and password fields\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Login Forms\u003C\u002Fstrong> – Provide secure login functionality for your users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Dashboard\u003C\u002Fstrong> – Comprehensive admin interface to manage settings and view statistics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Support\u003C\u002Fstrong> – Easy integration with \u003Ccode>[subscription_register]\u003C\u002Fcode> and \u003Ccode>[subscription_login]\u003C\u002Fcode> shortcodes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Features\u003C\u002Fstrong> – Built-in nonce verification and input sanitization\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive Design\u003C\u002Fstrong> – Mobile-friendly forms that work on all devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong> – Full internationalization support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Standards\u003C\u002Fstrong> – Follows WordPress coding standards and best practices\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Available Shortcodes:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>[subs_sys_register]\u003C\u002Fcode> – Displays a user registration form (recommended)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[subs_sys_login]\u003C\u002Fcode> – Displays a user login form (recommended)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ccode>[subscription_register]\u003C\u002Fcode> – Legacy shortcode (still supported)\u003C\u002Fli>\n\u003Cli>\u003Ccode>[subscription_login]\u003C\u002Fcode> – Legacy shortcode (still supported)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Admin Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable\u002Fdisable user registration\u003C\u002Fli>\n\u003Cli>View user statistics\u003C\u002Fli>\n\u003Cli>Quick access to WordPress user management\u003C\u002Fli>\n\u003Cli>Comprehensive help documentation\u003C\u002Fli>\n\u003Cli>System status monitoring\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Developer Information\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Plugin Structure:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Follows WordPress Plugin Boilerplate standards\u003Cbr \u002F>\n* Object-oriented programming approach\u003Cbr \u002F>\n* Proper separation of admin and public functionality\u003Cbr \u002F>\n* Internationalization support\u003Cbr \u002F>\n* Security best practices\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hooks and Filters:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe plugin provides various hooks and filters for developers to extend functionality. Documentation for these will be expanded in future versions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support:\u003C\u002Fstrong>\u003Cbr \u002F>\nFor support and feature requests, please visit our website at https:\u002F\u002Fmediahubster.in\u002F\u003C\u002Fp>\n","A powerful subscription management system for WordPress that allows users to register and login through customizable forms.",752,"2026-02-17T19:25:00.000Z",[235,236,237,22,23],"login","membership","subscription","https:\u002F\u002Fmediahubster.in\u002Fsubscription-system","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsubscription-system.1.0.14.zip",{"attackSurface":241,"codeSignals":748,"taintFlows":769,"riskAssessment":841,"analyzedAt":852},{"hooks":242,"ajaxHandlers":560,"restRoutes":561,"shortcodes":746,"cronEvents":747,"entryPointCount":400,"unprotectedCount":446},[243,249,253,257,260,264,268,271,275,280,284,289,293,297,299,301,307,311,316,320,324,327,331,335,338,340,344,348,351,355,360,364,368,372,376,380,385,390,394,398,401,404,406,410,412,415,419,422,426,430,434,439,442,444,447,450,453,456,459,462,467,470,473,475,478,480,483,486,488,490,493,495,497,500,504,508,512,515,519,523,527,530,533,537,541,545,548,552,556],{"type":244,"name":245,"callback":246,"priority":213,"file":247,"line":248},"action","admin_menu","admin_menu_link","includes\\admin-approve.php",45,{"type":244,"name":245,"callback":250,"priority":251,"file":247,"line":252},"admin_menu_upgrade_link",99999999999999,46,{"type":244,"name":245,"callback":254,"priority":255,"file":247,"line":256},"admin_menu_settings_pro",31,51,{"type":244,"name":245,"callback":258,"priority":255,"file":247,"line":259},"admin_menu_autoApprove_pro",52,{"type":244,"name":261,"callback":262,"file":247,"line":263},"admin_init","process_input",54,{"type":244,"name":265,"callback":266,"file":247,"line":267},"admin_notices","admin_notice",55,{"type":244,"name":261,"callback":269,"file":247,"line":270},"notice_ignore",56,{"type":244,"name":272,"callback":273,"file":247,"line":274},"admin_footer","highlight_nua_menu",57,{"type":244,"name":276,"callback":277,"file":278,"line":279},"init","nua_load_email_tags","includes\\email-tags.php",258,{"type":244,"name":281,"callback":282,"file":278,"line":283},"nua_add_email_tags","nua_setup_email_tags",348,{"type":244,"name":285,"callback":286,"file":287,"line":288},"rest_api_init","register_user_routes","includes\\end-points\\invitation-code-api.php",26,{"type":244,"name":285,"callback":290,"file":291,"line":292},"register_mobile_apis","includes\\end-points\\mobile-api.php",13,{"type":244,"name":294,"callback":295,"priority":213,"file":291,"line":296},"nua_app_push_notif","sends_push_notification",14,{"type":244,"name":285,"callback":286,"file":298,"line":255},"includes\\end-points\\settings-api.php",{"type":244,"name":285,"callback":286,"file":300,"line":195},"includes\\end-points\\users-api.php",{"type":302,"name":303,"callback":304,"priority":213,"file":305,"line":306},"filter","nua_disable_welcome_email","nua_disable_welcome_email_callback","includes\\invitation-code.php",53,{"type":244,"name":308,"callback":309,"file":305,"line":310},"register_form","nua_invitation_code_field",65,{"type":302,"name":312,"callback":313,"priority":314,"file":305,"line":315},"register_post","nua_invitation_status_code_field_validation",6,69,{"type":302,"name":317,"callback":318,"priority":213,"file":305,"line":319},"woocommerce_register_post","nua_woocommerce_invitation_code_validation",75,{"type":302,"name":321,"callback":322,"priority":213,"file":305,"line":323},"new_user_approve_default_status","nua_invitation_status_code",82,{"type":244,"name":325,"callback":309,"file":305,"line":326},"woocommerce_register_form",88,{"type":244,"name":328,"callback":329,"priority":213,"file":305,"line":330},"um_after_form_fields","um_nua_invitation_code_field",93,{"type":244,"name":332,"callback":333,"priority":195,"file":305,"line":334},"um_submit_form_errors_hook__registration","um_invite_code_check",99,{"type":244,"name":336,"callback":333,"priority":195,"file":305,"line":337},"um_submit_form_errors_hook__profile",105,{"type":244,"name":339,"callback":333,"priority":195,"file":305,"line":89},"um_submit_form_errors_hook_login",{"type":244,"name":341,"callback":342,"priority":213,"file":305,"line":343},"nua_invited_user","message_above_regform",117,{"type":244,"name":345,"callback":346,"priority":213,"file":305,"line":347},"uwp_template_fields","uwp_nua_invitation_code_field",124,{"type":302,"name":349,"callback":350,"priority":213,"file":305,"line":14},"uwp_validate_fields_before","uwp_invite_code_check",{"type":302,"name":352,"callback":353,"priority":213,"file":305,"line":354},"new_user_approve_pending_message","msg_on_auto_approve_invitation_callback",1059,{"type":244,"name":356,"callback":357,"priority":213,"file":358,"line":359},"mepr-product-registration-metabox","nuamp_add_registration_field","includes\\memberpress.php",3,{"type":244,"name":361,"callback":362,"priority":213,"file":358,"line":363},"mepr-membership-save-meta","nuamp_add_registration_field_save",39,{"type":302,"name":365,"callback":366,"file":358,"line":367},"mepr-admin-members-cols","memberpress_add_nua_cloumn",78,{"type":244,"name":369,"callback":370,"priority":213,"file":358,"line":371},"mepr_members_list_table_row","memberpress_add_nua_rows",144,{"type":244,"name":373,"callback":374,"file":358,"line":375},"admin_head","memberpress_nua_col_width",146,{"type":244,"name":377,"callback":378,"file":358,"line":379},"memberpress_page_memberpress-members","update_user_status_from_memberpress_members_page",157,{"type":302,"name":381,"callback":382,"file":383,"line":384},"new_user_approve_show_membership_notice","nua_c2member_dismiss_membership_notice","includes\\plugins.php",17,{"type":244,"name":386,"callback":387,"file":388,"line":389},"load-users.php","update_action","includes\\user-list.php",33,{"type":244,"name":391,"callback":392,"priority":213,"file":388,"line":393},"restrict_manage_users","status_filter",34,{"type":244,"name":395,"callback":396,"file":388,"line":397},"pre_user_query","filter_by_status",40,{"type":244,"name":399,"callback":272,"file":388,"line":400},"admin_footer-users.php",41,{"type":244,"name":386,"callback":402,"file":388,"line":403},"bulk_action",42,{"type":244,"name":265,"callback":265,"file":388,"line":405},43,{"type":244,"name":407,"callback":408,"file":388,"line":409},"show_user_profile","profile_status_field",44,{"type":244,"name":411,"callback":408,"file":388,"line":248},"edit_user_profile",{"type":244,"name":413,"callback":414,"file":388,"line":252},"edit_user_profile_update","save_profile_status_field",{"type":244,"name":245,"callback":416,"priority":417,"file":388,"line":418},"pending_users_bubble",999,50,{"type":302,"name":420,"callback":421,"priority":213,"file":388,"line":306},"user_row_actions","user_table_actions",{"type":302,"name":423,"callback":424,"file":388,"line":425},"manage_users_columns","add_column",59,{"type":302,"name":427,"callback":428,"priority":213,"file":388,"line":429},"manage_users_custom_column","status_column",60,{"type":244,"name":285,"callback":431,"file":432,"line":433},"register_routes","includes\\zapier\\includes\\rest-api.php",35,{"type":244,"name":435,"callback":436,"file":437,"line":438},"new_user_approve_user_approved","user_approved","includes\\zapier\\includes\\user.php",32,{"type":244,"name":440,"callback":441,"file":437,"line":389},"new_user_approve_user_denied","user_denied",{"type":302,"name":321,"callback":443,"priority":417,"file":437,"line":393},"user_pending",{"type":244,"name":341,"callback":445,"priority":446,"file":437,"line":397},"user_auto_approved_via_inv_code",15,{"type":244,"name":448,"callback":449,"priority":446,"file":437,"line":252},"nua_whitelisted_users","user_auto_approved_via_whitelist",{"type":244,"name":451,"callback":452,"priority":446,"file":437,"line":259},"role_base_approval_completed","user_auto_approved_via_user_role",{"type":244,"name":373,"callback":454,"file":455,"line":409},"change_background_color","pw-new-user-approve.php",{"type":244,"name":457,"callback":458,"file":455,"line":248},"wp_loaded","admin_loaded",{"type":244,"name":460,"callback":461,"file":455,"line":252},"rightnow_end","dashboard_stats",{"type":244,"name":463,"callback":464,"priority":465,"file":455,"line":466},"user_register","delete_new_user_approve_transient",11,47,{"type":244,"name":468,"callback":464,"priority":465,"file":455,"line":469},"new_user_approve_approve_user",48,{"type":244,"name":471,"callback":464,"priority":465,"file":455,"line":472},"new_user_approve_deny_user",49,{"type":244,"name":474,"callback":464,"file":455,"line":418},"deleted_user",{"type":244,"name":476,"callback":477,"file":455,"line":256},"admin_enqueue_scripts","nua_admin_scripts",{"type":244,"name":312,"callback":479,"priority":213,"file":455,"line":306},"create_new_user",{"type":244,"name":481,"callback":482,"file":455,"line":263},"woocommerce_created_customer","nua_welcome_email_woo_new_user",{"type":244,"name":484,"callback":485,"priority":334,"file":455,"line":267},"lostpassword_post","lost_password",{"type":244,"name":463,"callback":487,"file":455,"line":270},"add_user_status",{"type":244,"name":463,"callback":489,"file":455,"line":274},"request_admin_approval_email_2",{"type":244,"name":468,"callback":491,"file":455,"line":492},"approve_user",58,{"type":244,"name":471,"callback":494,"file":455,"line":425},"deny_user",{"type":244,"name":471,"callback":496,"file":455,"line":429},"update_deny_status",{"type":244,"name":261,"callback":498,"file":455,"line":499},"nua_init_admin_functions",61,{"type":244,"name":501,"callback":502,"priority":213,"file":455,"line":503},"wp_login","login_user",62,{"type":302,"name":505,"callback":506,"file":455,"line":507},"wp_authenticate_user","authenticate_user",63,{"type":302,"name":509,"callback":510,"priority":334,"file":455,"line":511},"registration_errors","show_user_pending_message",64,{"type":302,"name":513,"callback":514,"file":455,"line":310},"login_message","welcome_user",{"type":302,"name":516,"callback":517,"priority":213,"file":455,"line":518},"new_user_approve_validate_status_update","validate_status_update",66,{"type":302,"name":520,"callback":521,"file":455,"line":522},"shake_error_codes","failure_shake",67,{"type":302,"name":524,"callback":525,"file":455,"line":526},"woocommerce_registration_auth_new_customer","disable_woo_auto_login",68,{"type":244,"name":528,"callback":529,"file":455,"line":315},"woocommerce_checkout_order_processed","disable_woo_auto_login_on_checkout",{"type":244,"name":245,"callback":246,"priority":531,"file":455,"line":532},5,70,{"type":244,"name":534,"callback":535,"file":455,"line":536},"plugins_loaded","wpdocs_load_textdomain",71,{"type":302,"name":538,"callback":539,"priority":195,"file":455,"line":540},"pmpro_setup_new_user","allow_pmpro_setup_user",73,{"type":244,"name":542,"callback":543,"priority":195,"file":455,"line":544},"pmpro_after_checkout","logout_after_pmpro_registration",74,{"type":244,"name":546,"callback":547,"priority":195,"file":455,"line":319},"the_content","nua_show_pending_user_message",{"type":302,"name":549,"callback":550,"priority":213,"file":455,"line":551},"woocommerce_email_recipient_customer_new_account","closure",669,{"type":302,"name":553,"callback":554,"file":455,"line":555},"wp_mail_content_type","welcome_html_content_type",702,{"type":302,"name":557,"callback":558,"file":455,"line":559},"woocommerce_email_enabled_customer_new_account","__return_false",822,[],[562,569,574,578,582,586,590,594,599,604,609,614,620,625,629,634,638,642,646,650,655,659,664,668,672,676,680,684,689,694,699,704,709,714,719,724,727,730,734,737,741],{"namespace":563,"route":564,"methods":565,"callback":567,"permissionCallback":568,"file":287,"line":255},"nua-request","\u002Fv1\u002Fsave-invitation-codes",[566],"POST","save_invitation_codes","nua_invitation_api_permission_callback",{"namespace":563,"route":570,"methods":571,"callback":573,"permissionCallback":568,"file":287,"line":397},"\u002Fv1\u002Fget-invitation-settings",[572],"GET","get_invitation_settings",{"namespace":563,"route":575,"methods":576,"callback":577,"permissionCallback":568,"file":287,"line":472},"\u002Fv1\u002Fupdate-invitation-settings",[572],"update_invitation_settings",{"namespace":563,"route":579,"methods":580,"callback":581,"permissionCallback":568,"file":287,"line":492},"\u002Fv1\u002Fget-nua-codes",[572],"get_nua_invite_codes",{"namespace":563,"route":583,"methods":584,"callback":585,"permissionCallback":568,"file":287,"line":522},"\u002Fv1\u002Fget-remaining-uses",[572],"get_remaining_uses",{"namespace":563,"route":587,"methods":588,"callback":589,"permissionCallback":568,"file":287,"line":146},"\u002Fv1\u002Fget-total-uses",[572],"get_total_uses",{"namespace":563,"route":591,"methods":592,"callback":593,"permissionCallback":568,"file":287,"line":223},"\u002Fv1\u002Fget-expiry",[572],"get_expiry",{"namespace":563,"route":595,"methods":596,"callback":597,"permissionCallback":568,"file":287,"line":598},"\u002Fv1\u002Fget-status",[572],"get_status",94,{"namespace":563,"route":600,"methods":601,"callback":602,"permissionCallback":568,"file":287,"line":603},"\u002Fv1\u002Fget-invited-users",[572],"get_invited_users",103,{"namespace":563,"route":605,"methods":606,"callback":607,"permissionCallback":568,"file":287,"line":608},"\u002Fv1\u002Fupdate-invitation-code",[566],"update_invitation_code",112,{"namespace":563,"route":610,"methods":611,"callback":612,"permissionCallback":568,"file":287,"line":613},"\u002Fv1\u002Fdelete-invCode",[566],"delete_invCode",121,{"namespace":563,"route":615,"methods":616,"callback":617,"permissionCallback":618,"file":291,"line":619},"\u002Fv1\u002Fconnect-app",[572],"connect_app_callback","__return_true",18,{"namespace":563,"route":621,"methods":622,"callback":623,"permissionCallback":618,"file":291,"line":624},"\u002Fv1\u002Fdisconnect-app",[572],"disconnect_app_callback",24,{"namespace":563,"route":626,"methods":627,"callback":628,"permissionCallback":618,"file":291,"line":175},"\u002Fv1\u002Fcheck-license",[572],"get_plugin_license_status_callback",{"namespace":563,"route":630,"methods":631,"callback":632,"permissionCallback":618,"file":291,"line":633},"\u002Fv1\u002Fget-dashboard-data",[572],"get_dashboard_data",36,{"namespace":563,"route":635,"methods":636,"callback":637,"permissionCallback":618,"file":291,"line":403},"\u002Fv1\u002Fget-all-requests",[572],"get_all_user_requests",{"namespace":563,"route":639,"methods":640,"callback":641,"permissionCallback":618,"file":291,"line":469},"\u002Fv1\u002Fget-user-details",[572],"get_user_details_callback",{"namespace":563,"route":643,"methods":644,"callback":645,"permissionCallback":618,"file":291,"line":263},"\u002Fv1\u002Fuser-approve",[572],"user_approve_request_callback",{"namespace":563,"route":647,"methods":648,"callback":649,"permissionCallback":618,"file":291,"line":429},"\u002Fv1\u002Fuser-deny",[572],"user_deny_request_callback",{"namespace":563,"route":651,"methods":652,"callback":653,"permissionCallback":654,"file":298,"line":633},"\u002Fv1\u002Fgeneral-settings",[572],"general_settings","nua_settings_api_permission_callback",{"namespace":563,"route":656,"methods":657,"callback":658,"permissionCallback":654,"file":298,"line":267},"\u002Fv1\u002Fhelp-settings",[572],"help_settings",{"namespace":563,"route":660,"methods":661,"callback":662,"permissionCallback":663,"file":300,"line":288},"\u002Fv1\u002Frecent-users",[572],"recent_users","nua_users_api_permission_callback",{"namespace":563,"route":665,"methods":666,"callback":667,"permissionCallback":663,"file":300,"line":433},"\u002Fv1\u002Fupdate-user",[566],"update_user",{"namespace":563,"route":669,"methods":670,"callback":671,"permissionCallback":663,"file":300,"line":409},"\u002Fv1\u002Fget-all-users",[572],"get_all_users",{"namespace":563,"route":673,"methods":674,"callback":675,"permissionCallback":663,"file":300,"line":306},"\u002Fv1\u002Fget-approved-users",[572],"get_approved_users",{"namespace":563,"route":677,"methods":678,"callback":679,"permissionCallback":663,"file":300,"line":503},"\u002Fv1\u002Fget-pending-users",[572],"get_pending_users",{"namespace":563,"route":681,"methods":682,"callback":683,"permissionCallback":663,"file":300,"line":536},"\u002Fv1\u002Fget-denied-users",[572],"get_denied_users",{"namespace":563,"route":685,"methods":686,"callback":687,"permissionCallback":663,"file":300,"line":688},"\u002Fv1\u002Fget-approved-user-roles",[572],"get_approved_user_roles",80,{"namespace":563,"route":690,"methods":691,"callback":692,"permissionCallback":663,"file":300,"line":693},"\u002Fv1\u002Fget-user-roles",[572],"get_user_roles",89,{"namespace":563,"route":695,"methods":696,"callback":697,"permissionCallback":663,"file":300,"line":698},"\u002Fv1\u002Fget-activity-log",[572],"get_activity_log",98,{"namespace":563,"route":700,"methods":701,"callback":702,"permissionCallback":663,"file":300,"line":703},"\u002Fv1\u002Fupdate-user-role",[566],"update_user_role",107,{"namespace":563,"route":705,"methods":706,"callback":707,"permissionCallback":663,"file":300,"line":708},"\u002Fv1\u002Fget-api-key",[572],"get_api_key",116,{"namespace":563,"route":710,"methods":711,"callback":712,"permissionCallback":663,"file":300,"line":713},"\u002Fv1\u002Fupdate-api-key",[566],"update_api_key",125,{"namespace":563,"route":715,"methods":716,"callback":717,"permissionCallback":663,"file":300,"line":718},"\u002Fv1\u002Fget-all-statuses-users",[572],"get_all_statuses_users",134,{"namespace":720,"route":721,"methods":722,"callback":723,"permissionCallback":618,"file":432,"line":409},"nua-zapier","\u002Fv1\u002Fauth",[572],"authenticate",{"namespace":720,"route":725,"methods":726,"callback":436,"permissionCallback":618,"file":432,"line":256},"\u002Fv1\u002Fuser-approved",[572],{"namespace":720,"route":728,"methods":729,"callback":441,"permissionCallback":618,"file":432,"line":274},"\u002Fv1\u002Fuser-denied",[572],{"namespace":720,"route":731,"methods":732,"callback":733,"permissionCallback":618,"file":432,"line":507},"\u002Fv1\u002Fuser-invcode",[572],"user_invcode",{"namespace":720,"route":735,"methods":736,"callback":443,"permissionCallback":618,"file":432,"line":315},"\u002Fv1\u002Fuser-pending",[572],{"namespace":720,"route":738,"methods":739,"callback":740,"permissionCallback":618,"file":432,"line":319},"\u002Fv1\u002Fuser-whitelisted",[572],"user_whitelisted",{"namespace":720,"route":742,"methods":743,"callback":744,"permissionCallback":618,"file":432,"line":745},"\u002Fv1\u002Fuser-approved-via-role",[572],"user_approved_via_role",81,[],[],{"dangerousFunctions":749,"sqlUsage":750,"outputEscaping":755,"fileOperations":763,"externalRequests":763,"nonceChecks":438,"capabilityChecks":296,"bundledLibraries":764},[],{"prepared":619,"raw":62,"locations":751},[752],{"file":388,"line":753,"context":754},692,"$wpdb->get_var() with variable interpolation",{"escaped":379,"rawEcho":756,"locations":757},2,[758,761],{"file":247,"line":759,"context":760},511,"raw output",{"file":455,"line":762,"context":760},654,4,[765],{"name":766,"version":767,"knownCves":768},"Freemius","1.0",[],[770,789,797,807,815,826],{"entryPoint":771,"graph":772,"unsanitizedCount":28,"severity":788},"user_table (includes\\admin-approve.php:260)",{"nodes":773,"edges":785},[774,779],{"id":775,"type":776,"label":777,"file":247,"line":778},"n0","source","$_REQUEST (x2)",362,{"id":780,"type":781,"label":782,"file":247,"line":783,"wp_function":784},"n1","sink","echo() [XSS]",448,"echo",[786],{"from":775,"to":780,"sanitized":787},true,"low",{"entryPoint":790,"graph":791,"unsanitizedCount":28,"severity":788},"\u003Cadmin-approve> (includes\\admin-approve.php:0)",{"nodes":792,"edges":795},[793,794],{"id":775,"type":776,"label":777,"file":247,"line":778},{"id":780,"type":781,"label":782,"file":247,"line":783,"wp_function":784},[796],{"from":775,"to":780,"sanitized":787},{"entryPoint":798,"graph":799,"unsanitizedCount":28,"severity":788},"um_nua_invitation_code_field (includes\\invitation-code.php:140)",{"nodes":800,"edges":805},[801,804],{"id":775,"type":776,"label":802,"file":305,"line":803},"$_POST[?]",158,{"id":780,"type":781,"label":782,"file":305,"line":803,"wp_function":784},[806],{"from":775,"to":780,"sanitized":787},{"entryPoint":808,"graph":809,"unsanitizedCount":28,"severity":788},"\u003Cinvitation-code> (includes\\invitation-code.php:0)",{"nodes":810,"edges":813},[811,812],{"id":775,"type":776,"label":802,"file":305,"line":803},{"id":780,"type":781,"label":782,"file":305,"line":803,"wp_function":784},[814],{"from":775,"to":780,"sanitized":787},{"entryPoint":816,"graph":817,"unsanitizedCount":28,"severity":788},"admin_notices (includes\\user-list.php:527)",{"nodes":818,"edges":824},[819,822],{"id":775,"type":776,"label":820,"file":388,"line":821},"$_REQUEST",553,{"id":780,"type":781,"label":782,"file":388,"line":823,"wp_function":784},568,[825],{"from":775,"to":780,"sanitized":787},{"entryPoint":827,"graph":828,"unsanitizedCount":28,"severity":788},"\u003Cuser-list> (includes\\user-list.php:0)",{"nodes":829,"edges":838},[830,832,834,836],{"id":775,"type":776,"label":831,"file":388,"line":703},"$_GET (x4)",{"id":780,"type":781,"label":782,"file":388,"line":833,"wp_function":784},278,{"id":835,"type":776,"label":820,"file":388,"line":821},"n2",{"id":837,"type":781,"label":782,"file":388,"line":823,"wp_function":784},"n3",[839,840],{"from":775,"to":780,"sanitized":787},{"from":835,"to":837,"sanitized":787},{"summary":842,"deductions":843},"The 'new-user-approve' plugin v3.2.4 exhibits a mixed security posture. On the positive side, the code demonstrates strong adherence to secure coding practices with an exceptionally high percentage of SQL queries using prepared statements and output escaping. Nonce and capability checks are also present in a reasonable number of places, indicating an awareness of common WordPress security vulnerabilities. Taint analysis shows no critical or high severity unsanitized paths, which is a very positive sign.\n\nHowever, significant concerns arise from the plugin's attack surface and its historical vulnerability record. A notable 15 out of 41 REST API routes lack permission callbacks, exposing these endpoints to potential unauthorized access and manipulation. Furthermore, the plugin has a history of 8 known CVEs, including one critical and one high-severity vulnerability in the past. While there are currently no unpatched vulnerabilities, this history suggests a recurring pattern of security weaknesses. Common vulnerability types like Missing Authorization, Exposure of Sensitive Information, CSRF, and XSS point to a need for more robust access control and input validation across the plugin's functionalities.\n\nIn conclusion, while the current version of 'new-user-approve' benefits from good internal coding practices like prepared statements and output escaping, the exposed REST API routes and the plugin's historical vulnerability patterns are significant risk factors. The lack of proper authorization on several REST API endpoints is a critical area of concern that could lead to unauthorized actions. Users should be cautious, and developers should prioritize patching these exposed endpoints and thoroughly reviewing the codebase for similar authorization flaws to improve the plugin's overall security.",[844,846,848,850],{"reason":845,"points":27},"REST API routes without permission callbacks",{"reason":847,"points":619},"History of 1 critical CVE",{"reason":849,"points":446},"History of 1 high CVE",{"reason":851,"points":763},"Bundled outdated library (Freemius v1.0)","2026-03-16T17:32:39.510Z",{"wat":854,"direct":865},{"assetPaths":855,"generatorPatterns":859,"scriptPaths":860,"versionParams":861},[856,857,858],"\u002Fwp-content\u002Fplugins\u002Fnew-user-approve\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fnew-user-approve\u002Fcss\u002Fstyle-rtl.css","\u002Fwp-content\u002Fplugins\u002Fnew-user-approve\u002Fjs\u002Fmain.js",[],[],[862,863,864],"new-user-approve\u002Fcss\u002Fstyle.css?ver=","new-user-approve\u002Fcss\u002Fstyle-rtl.css?ver=","new-user-approve\u002Fjs\u002Fmain.js?ver=",{"cssClasses":866,"htmlComments":924,"htmlAttributes":927,"restEndpoints":929,"jsGlobals":933,"shortcodeOutput":938},[867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923],"nua-section-title","nua-card","nua-card-body","nua-card-header","nua-card-title","nua-card-description","nua-card-actions","nua-button-primary","nua-button-secondary","nua-input-group","nua-input-label","nua-input-field","nua-checkbox-group","nua-checkbox-label","nua-checkbox-field","nua-radio-group","nua-radio-label","nua-radio-field","nua-textarea-group","nua-textarea-label","nua-textarea-field","nua-select-group","nua-select-label","nua-select-field","nua-table","nua-table-header","nua-table-row","nua-table-cell","nua-modal","nua-modal-overlay","nua-modal-content","nua-modal-header","nua-modal-title","nua-modal-body","nua-modal-footer","nua-modal-close","nua-toast","nua-toast-success","nua-toast-error","nua-toast-info","nua-spinner","nua-loading-overlay","nua-no-results","nua-empty-state","nua-form-group","nua-field-wrapper","nua-field-label","nua-field-input","nua-toggle","nua-toggle-switch","nua-toggle-label","nua-toggle-wrapper","nua-notification","nua-notification-icon","nua-notification-text","nua-app-logo","nua-app-title",[925,926],"\u003C!-- New User Approve Plugin -->","\u003C!-- END New User Approve Plugin -->",[928],"data-nua-setting",[930,931,932],"\u002Fwp-json\u002Fnew-user-approve\u002Fv1\u002Fsettings","\u002Fwp-json\u002Fnew-user-approve\u002Fv1\u002Fusers","\u002Fwp-json\u002Fnew-user-approve\u002Fv1\u002Finvitations",[934,935,936,937],"window.nuaApproveSettings","NUA_AJAX_URL","NUA_REST_URL","NUA_VERSION",[939,940,941,942],"[new_user_approve_form]","[new_user_approve_registration_form]","[new_user_approve_login_form]","[new_user_approve_pending_message]"]