← volver
CVE-2024-10098

ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access

CVSS 2.7 LOWEPSS 0.3%
Vexday Risk Score
8Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 2.7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
15 may 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Productos afectados
Unknown · ApplyOnline