CVE-2024-10098
ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
15 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Affected products
Unknown · ApplyOnline