Vulnerabilities and security researches forapply-online apply-online

Jun 07, 2024

CVE, Research URL: CVE-2024-2036
Home page URL: Security reports for ApplyOnline – Application Form Builder and Manager
Application: ApplyOnline – Application Form Builder and Manager
Date: May 22, 2024
Research Description: The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6. This makes it possible for authenticated attackers, with subscriber access or higher, to view Application submissions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-24391
Home page URL: Security reports for ApplyOnline – Application Form Builder and Manager
Application: ApplyOnline – Application Form Builder and Manager
Date: Aug 10, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-45756
Home page URL: Security reports for ApplyOnline – Application Form Builder and Manager
Application: ApplyOnline – Application Form Builder and Manager
Date: Oct 25, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline – Application Form Builder and Manager plugin <= 2.5.2 versions.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-46080
Home page URL: Security reports for ApplyOnline – Application Form Builder and Manager
Application: ApplyOnline – Application Form Builder and Manager
Date: Jan 02, 2025
Research Description: Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.5.3.
Affected versions: Min -, max -.
Status: vulnerable

Jan 19, 2025

CVE, Research URL: CVE-2025-22721
Home page URL: Security reports for ApplyOnline – Application Form Builder and Manager
Application: ApplyOnline – Application Form Builder and Manager
Date: Jan 21, 2025
Research Description: Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.6.7.1.
Affected versions: Min -, max -.
Status: vulnerable

May 17, 2025

CVE, Research URL: CVE-2024-10098
Home page URL: Security reports for ApplyOnline – Application Form Builder and Manager
Application: ApplyOnline – Application Form Builder and Manager
Date: May 16, 2025
Research Description: The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain
Affected versions: Min -, max -.
Status: vulnerable