VYPR

AcyMailing

by Acymailing

CVEs (6)

  • CVE-2018-9107HigMar 28, 2018
    risk 0.61cvss 8.8epss 0.07

    CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.

  • CVE-2026-3614HigApr 16, 2026
    risk 0.57cvss 8.8epss 0.00

    The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the `wp_ajax_acymailing_router` AJAX handler. This makes it possible for authenticated attackers, with…

  • CVE-2026-5200HigMay 20, 2026
    risk 0.50cvss 8.8epss 0.00

    The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to…

  • CVE-2020-10934HigMar 24, 2020
    risk 0.47cvss 7.2epss 0.01

    Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.

  • CVE-2015-7338HigMar 9, 2020
    risk 0.47cvss 7.2epss 0.01

    SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.

  • CVE-2023-41867HigSep 25, 2023
    risk 0.46cvss 7.1epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions.