WordPress Plugin Vulnerabilities

ApplyOnline < 2.5.4 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing or improper capability check on an unknown function, allowing authenticated attackers, with contributor-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
apply-online
Fixed in 2.5.4

References

CVE
CVE-2023-46080
URL
https://patchstack.com/database/vulnerability/apply-online/wordpress-applyonline-application-form-builder-and-manager-plugin-2-5-2-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
2.7 (low)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
7019ad59-d2d8-4ba8-9bf6-0035ff655ee0

Timeline

Publicly Published
2023-10-16 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-01-08 (about 2 years ago)

Other

Published
Title
Published
2024-07-04
Title
Charitable < 1.8.1.8 - Missing Authorization to Unauthorized Donation
Published
2023-11-15
Title
MP3 Audio Player for Music, Radio & Podcast by Sonaar < 4.10.1 - Missing Authorization to Template Import
Published
2025-12-27
Title
Stratum Widgets for Elementor < 1.6.2 - Missing Authorization
Published
2023-10-20
Title
wpDiscuz < 7.6.11 - Insufficient Authorization to Comment Submission on Deleted Posts
Published
2025-01-17
Title
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media < 1.4.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion