cleantalk
Vulnerabilities and Security Researches

ApplyOnline – Application Form Builder and Manager, CVE-2024-2036

CVE, Research URL

CVE-2024-2036

Home page URL

Security reports for ApplyOnline – Application Form Builder and Manager

Application

ApplyOnline – Application Form Builder and Manager

Published on
May 22, 2024
Research Description
The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6. This makes it possible for authenticated attackers, with subscriber access or higher, to view Application submissions.
Affected versions
max 2.6.3.
Status
vulnerable
Previous vulnerability researches
ApplyOnline – Application Form Builder and Manager (CVE-2025-22721) , Jan 19, 2025
ApplyOnline – Application Form Builder and Manager (CVE-2023-46080) , Jun 10, 2024
ApplyOnline – Application Form Builder and Manager (CVE-2024-10098) , May 17, 2025
ApplyOnline – Application Form Builder and Manager (CVE-2024-2036) , Jun 07, 2024
ApplyOnline – Application Form Builder and Manager (CVE-2023-24391) , Jun 07, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025