CVE-2024-2036

The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aolmodalbox AJAX action in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with subscribe...

EUVD-2023-28447

Malicious code in bioql PyPI...

EUVD-2023-50045

Malicious code in bioql PyPI...

CVE-2024-10098

The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain...

CVE-2024-10098

The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain...

CVE-2024-10098

Summary of CVE-2024-10098 (ApplyOnline – WordPress) : The ApplyOnline WordPress plugin, prior to version 2.6.3, does not protect files uploaded during the application workflow. This allows unauthenticated users to access uploaded files and any private information they contain. Affected software: ...

CVE-2024-10098 ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access

The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain...

CVE-2024-10098 ApplyOnline – Application Form Builder and Manager < 2.6.3 - Unauthenticated Application File Access

The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain...

PT-2025-21396 · WordPress · Applyonline

Name of the Vulnerable Software and Affected Versions: ApplyOnline WordPress plugin versions prior to 2.6.3 Description: The issue concerns the ApplyOnline WordPress plugin, which fails to protect files uploaded during the application process. This allows unauthenticated users to access these fil...

CVE-2025-22721 WordPress ApplyOnline plugin <= 2.6.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Farhan Noor ApplyOnline apply-online allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline: from n/a through = 2.6.7.1...

CVE-2025-22721

CVE-2025-22721 (ApplyOnline – Application Form Builder and Manager): Missing Authorization vulnerability due to incorrectly configured access control in ApplyOnline. Affected: ApplyOnline – Application Form Builder and Manager, versions n/a through 2.6.7.1. CVSS 3.1 base score 4.3 (Medium). Root ...

CVE-2025-22721 WordPress ApplyOnline plugin <= 2.6.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Farhan Noor ApplyOnline apply-online allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline: from n/a through = 2.6.7.1...

WordPress plugin ApplyOnline 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress ApplyOnline plugin <= 2.6.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin ApplyOnline versions = 2.6.7.1...

CVE-2023-46080 WordPress ApplyOnline – Application Form Builder and Manager plugin <= 2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.5.3...

WordPress ApplyOnline plugin <= 2.6.2 - Missing Authorization to Sensitive Information Exposure vulnerability

Missing Authorization to Sensitive Information Exposure vulnerability discovered by Lucio Sá in WordPress Plugin ApplyOnline versions = 2.6.2...

CVE-2023-45756

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Spider Teams ApplyOnline – Application Form Builder and Manager plugin = 2.5.2 versions...

CVE-2023-24391

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Spider Teams ApplyOnline plugin = 2.5 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Spider Teams ApplyOnline plugin = 2.5 versions...