2 matches found
CVE-2024-2036 ApplyOnline – Application Form Builder and Manager <= 2.6.2 - Missing Authorization to Sensitive Information Exposure
The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aolmodalbox AJAX action in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with subscribe...
WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.6.2 is vulnerable to Broken Access Control
Software ApplyOnline – Application Form Builder and Manager Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2036 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 21265227face...