Acymailing
Products (4)
- 11 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (13)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9107 | | High | 0.61 | 8.8 | 0.07 | | Mar 28, 2018 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. |
| CVE-2018-9106 | | High | 0.61 | 8.8 | 0.06 | | Mar 28, 2018 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export. |
| CVE-2026-3614 | | High | 0.57 | 8.8 | 0.00 | | Apr 16, 2026 | The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions from 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the `wp_ajax_acymailing_router` AJAX handler. This makes it possible for authenticated attackers, with… |
| CVE-2026-5200 | | High | 0.50 | 8.8 | 0.00 | | May 20, 2026 | The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to… |
| CVE-2025-24617 | | High | 0.46 | 7.1 | 0.00 | | Feb 14, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Reflected XSS. This issue affects AcyMailing SMTP Newsletter: from n/a through < 9.11.1. |
| CVE-2023-28731 | | | 0.01 | — | 0.02 | | Mar 30, 2023 | AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise… |
| CVE-2024-7384 | | | 0.00 | — | 0.01 | | Aug 22, 2024 | The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This… |
| CVE-2023-41867 | | | 0.00 | — | 0.00 | | Sep 25, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions. |
| CVE-2023-39970 | | | 0.00 | — | 0.01 | | Aug 17, 2023 | Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. It allows remote code execution. |
| CVE-2023-28733 | | | 0.00 | — | 0.00 | | Mar 30, 2023 | AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in… |
| CVE-2023-28732 | | | 0.00 | — | 0.01 | | Mar 30, 2023 | Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects… |
| CVE-2020-10934 | | | 0.00 | — | 0.01 | | Mar 24, 2020 | Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. |
| CVE-2015-7338 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. |