VYPR
Vendor

Acymailing

Products
4
CVEs
13
Across products
14
Status
Private

Products

4

Recent CVEs

13
  • CVE-2018-9107HigMar 28, 2018
    risk 0.61cvss 8.8epss 0.07

    CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.

  • CVE-2018-9106HigMar 28, 2018
    risk 0.61cvss 8.8epss 0.06

    CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export.

  • CVE-2026-3614HigApr 16, 2026
    risk 0.57cvss 8.8epss 0.00

    The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the `wp_ajax_acymailing_router` AJAX handler. This makes it possible for authenticated attackers, with…

  • CVE-2026-5200HigMay 20, 2026
    risk 0.50cvss 8.8epss 0.00

    The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to…

  • CVE-2025-24617HigFeb 14, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Reflected XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through < 9.11.1.

  • CVE-2023-28731Mar 30, 2023
    risk 0.01cvss epss 0.02

    AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise…

  • CVE-2024-7384Aug 22, 2024
    risk 0.00cvss epss 0.01

    The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This…

  • CVE-2023-41867Sep 25, 2023
    risk 0.00cvss epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions.

  • CVE-2023-39970Aug 17, 2023
    risk 0.00cvss epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. It allows remote code execution.

  • CVE-2023-28733Mar 30, 2023
    risk 0.00cvss epss 0.00

    AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in…

  • CVE-2023-28732Mar 30, 2023
    risk 0.00cvss epss 0.01

    Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects…

  • CVE-2020-10934Mar 24, 2020
    risk 0.00cvss epss 0.01

    Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.

  • CVE-2015-7338Mar 9, 2020
    risk 0.00cvss epss 0.01

    SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.