CVE-2026-57721
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
The ApplyOnline WordPress plugin contains a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels. This issue affects versions from n/a through 2.6.7.6.
Risk Assessment
An attacker can gain unauthorized access to administrative functions or data, leading to a breach of confidentiality and integrity of the system.
Recommendation
Immediately update the ApplyOnline plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline: from n/a through 2.6.7.6.

