Title: Plugin Security Risks (CSRF)
Last modified: February 3, 2026

---

# Plugin Security Risks (CSRF)

 *  Resolved [orbitmedia](https://wordpress.org/support/users/orbitmedia/)
 * (@orbitmedia)
 * [3 months, 3 weeks ago](https://wordpress.org/support/topic/plugin-security-risks-csrf/)
 * WPEngine is flagging the current version of this plugin as posing a security risk.
   Will this be fixed in the next release?
 * New User Approve <= 3.2.3 is vulnerable to Cross-Site Request Forgery (CSRF)
 * Severity: low (7.1)
 * Exploited: No
 * Fixed in: No fix yet
 * Security risk: csrf
 * This vulnerability allows an attacker to target privileged authenticated users
   with malicious links that make authenticated requests to WordPress on behalf
   of the user. An attacker could use this vulnerability to modify site configuration,
   including adding backdoors such as other WordPress administrators.

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Support [muddasirhayat](https://wordpress.org/support/users/muddasirhayat/)
 * (@muddasirhayat)
 * [3 months, 3 weeks ago](https://wordpress.org/support/topic/plugin-security-risks-csrf/#post-18809608)
 * Hi [@orbitmedia](https://wordpress.org/support/users/orbitmedia/),
 * Thank you for reporting this and for sharing the details from WP Engine.
 * We’re aware of the CSRF warning in the current version and are actively working
   on addressing it. A fix is in progress and will be included in an upcoming release.
   We’ll update the plugin and this thread as soon as the patch is available.
 * We appreciate your patience and your help in keeping the plugin secure.
 * Best regards,
   WPExperts Support Team
 *  Thread Starter [orbitmedia](https://wordpress.org/support/users/orbitmedia/)
 * (@orbitmedia)
 * [3 months, 3 weeks ago](https://wordpress.org/support/topic/plugin-security-risks-csrf/#post-18809779)
 * That’s what I was hoping for, thank you.
 *  Plugin Support [muddasirhayat](https://wordpress.org/support/users/muddasirhayat/)
 * (@muddasirhayat)
 * [3 months, 2 weeks ago](https://wordpress.org/support/topic/plugin-security-risks-csrf/#post-18816546)
 * Hi [@orbitmedia](https://wordpress.org/support/users/orbitmedia/),
 * Thank you for your patience.
 * The updated plugin has now been released with fixes for the reported vulnerability.
   Please update to the latest version, either directly from your WordPress dashboard
   or by manually updating the plugin on your site.
 * If you have any questions or notice anything unexpected, please don’t hesitate
   to let us know. We really appreciate you bringing this to our attention.
 * Thank you,
   WPExperts Support Team
 *  Plugin Support [muddasirhayat](https://wordpress.org/support/users/muddasirhayat/)
 * (@muddasirhayat)
 * [2 months, 3 weeks ago](https://wordpress.org/support/topic/plugin-security-risks-csrf/#post-18841343)
 * Hi [@orbitmedia](https://wordpress.org/support/users/orbitmedia/),
 * Just a quick update. We will be closing this thread for now.
 * If you have any further questions or need assistance, please feel free to open
   a new thread and we will be happy to help.
 * Best regards,
   WPExperts Support Team

 * 6 replies
 * 2 participants
 * Last reply from: [muddasirhayat](https://wordpress.org/support/users/muddasirhayat/)
 * Last activity: [2 months, 3 weeks ago](https://wordpress.org/support/topic/plugin-security-risks-csrf/#post-18841343)
 * Status: resolved