AcyMailing
by Acymailing
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9107 | | High | 0.61 | 8.8 | 0.07 | | Mar 28, 2018 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. |
| CVE-2026-3614 | | High | 0.57 | 8.8 | 0.00 | | Apr 16, 2026 | The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions from 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the `wp_ajax_acymailing_router` AJAX handler. This makes it possible for authenticated attackers, with… |
| CVE-2026-5200 | | High | 0.50 | 8.8 | 0.00 | | May 20, 2026 | The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to… |
| CVE-2020-10934 | | High | 0.47 | 7.2 | 0.01 | | Mar 24, 2020 | Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. |
| CVE-2015-7338 | | High | 0.47 | 7.2 | 0.01 | | Mar 9, 2020 | SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. |
| CVE-2023-41867 | | High | 0.46 | 7.1 | 0.00 | | Sep 25, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions. |