cleantalk
Vulnerabilities and Security Researches

ApplyOnline – Application Form Builder and Manager, CVE-2024-2036

CVE, Research URL

CVE-2024-2036

Home page URL

Security reports for ApplyOnline – Application Form Builder and Manager

Application

ApplyOnline – Application Form Builder and Manager

Published on
May 22, 2024
Research Description
The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6. This makes it possible for authenticated attackers, with subscriber access or higher, to view Application submissions.
Affected versions
Min -, max 2.6.3.
Status
vulnerable
Previous vulnerability researches
ApplyOnline – Application Form Builder and Manager (CVE-2025-22721) , Jan 19, 2025
ApplyOnline – Application Form Builder and Manager (CVE-2023-46080) , Jun 10, 2024
ApplyOnline – Application Form Builder and Manager (CVE-2024-10098) , May 17, 2025
ApplyOnline – Application Form Builder and Manager (CVE-2024-2036) , Jun 07, 2024
ApplyOnline – Application Form Builder and Manager (CVE-2023-24391) , Jun 07, 2024
New vulnerability
Responsive Contact Form Builder & Lead Generation Plugin (CVE-2024-10475) , May 17, 2025
ClipArt (CVE-2024-12726) , May 17, 2025
Photo Gallery, Images, Slider in Rbs Image Gallery (CVE-2024-13384) , May 17, 2025
Photo Gallery, Images, Slider in Rbs Image Gallery (CVE-2024-10144) , May 17, 2025
WP Google Review Slider (CVE-2024-11109) , May 17, 2025