CVE-2024-10098
ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access
Vexday Risk Score
8Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 2.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
15 may 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Productos afectados
Unknown · ApplyOnline