CVE-2024-10098

low

Description

The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain

References

https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/

Details

Source: Mitre, NVD

Published: 2025-05-15

Updated: 2025-06-09

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 2.7

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Severity: Low

EPSS

EPSS: 0.00023