← back
CVE-2024-10098

ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access

CVSS 2.7 LOWEPSS 0.3%
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Affected products
Unknown · ApplyOnline