Medium severity4.3NVD Advisory· Published May 22, 2024· Updated Jun 17, 2026
CVE-2024-2036
CVE-2024-2036
Description
The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with subscriber access or higher, to view Application submissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.6.2
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.