CVE-2024-10098

low-risk
Published 2025-05-15

The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.7/10 Low
NETWORK / LOW complexity

Affected Products (1)

Applyonline - Application Form Builder And Manager

Affected Vendors

Spiderteams

References (2)

Exploit https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/
Exploit https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/
20
/ 100
low-risk
Severity 14/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal