2 vulnerabilities found for ApplyOnline by Unknown
CVE-2024-10098 (GCVE-0-2024-10098)
Vulnerability from nvd – Published: 2025-05-15 20:06 – Updated: 2025-05-20 16:05
Title
ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access
Summary
The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain
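Severity: 2.7 (LOW), CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N, scored by CISA-ADP; the CNA (WPScan) container carries no CVSS metric. The vector's PR:H (high privileges required) does not match the summary's "unauthenticated users", so the base score may understate exposure; weigh it against the description, the CWE-639 classification and the SSVC values (Exploitation: poc, Automatable: no, Technical Impact: partial).
Assigner: WPScan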
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/ | exploit, vdb-entry, technical-description |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Unknown | ApplyOnline | Affected: 0, < 2.6.3 (semver) |
Credits: Arian Mosallah (finder), WPScan (coordinator)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-10098",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T16:04:40.675672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T16:05:10.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ApplyOnline",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arian Mosallah"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T20:06:40.631Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ApplyOnline \u2013 Application Form Builder and Manager \u003c 2.6.3 - Unauthenticated Application File Access",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-10098",
"datePublished": "2025-05-15T20:06:40.631Z",
"dateReserved": "2024-10-17T17:33:08.173Z",
"dateUpdated": "2025-05-20T16:05:10.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10098 (GCVE-0-2024-10098)
Vulnerability from cvelistv5 – Published: 2025-05-15 20:06 – Updated: 2025-05-20 16:05
Title
ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access
Summary
The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain
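Severity: 2.7 (LOW), CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N, scored by CISA-ADP; the CNA (WPScan) container carries no CVSS metric.
Assigner: WPScan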
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/ | exploit, vdb-entry, technical-description |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Unknown | ApplyOnline | Affected: 0, < 2.6.3 (semver) |
Credits: Arian Mosallah (finder), WPScan (coordinator)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-10098",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T16:04:40.675672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T16:05:10.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ApplyOnline",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arian Mosallah"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T20:06:40.631Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ApplyOnline \u2013 Application Form Builder and Manager \u003c 2.6.3 - Unauthenticated Application File Access",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-10098",
"datePublished": "2025-05-15T20:06:40.631Z",
"dateReserved": "2024-10-17T17:33:08.173Z",
"dateUpdated": "2025-05-20T16:05:10.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}