vulnerability
WordPress Plugin: apply-online: CVE-2024-10098: Files or Directories Accessible to External Parties
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
3 | (AV:N/AC:L/Au:M/C:P/I:N/A:N) | Oct 31, 2024 | May 28, 2025 | May 28, 2025 |
Severity
3
CVSS
(AV:N/AC:L/Au:M/C:P/I:N/A:N)
Published
Oct 31, 2024
Added
May 28, 2025
Modified
May 28, 2025
Description
The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.2 via the application upload functionality. This makes it possible for unauthenticated attackers to extract sensitive data from applications.
Solution
apply-online-plugin-cve-2024-10098

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.