The New User Approve plugin for WordPress has a security issue that allows unauthorized people to access data. This is because a necessary check was not included in the _admin_notices_hook function in versions 2.6.2 and below. As a result, users with contributor-level access or higher can see notices that were meant for admins only.