Skip to main content

Acymailing

12 CVEs product

Monthly

CVE-2024-7384 HIGH PATCH This Week

The AcyMailing - An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Acymailing
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-41867 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Acymailing
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-39974 MEDIUM This Month

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Acymailing
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-39973 MEDIUM This Month

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Acymailing
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-39972 MEDIUM This Month

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Acymailing
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-39971 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS.7.0-8.6.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Acymailing
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-28733 MEDIUM This Month

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Acymailing
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28732 HIGH This Week

Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Acymailing
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28731 CRITICAL POC Act Now

AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Microsoft Acymailing
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-24288 MEDIUM POC This Month

When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Acymailing
NVD WPScan
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-10934 HIGH This Week

Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Acymailing
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2018-9107 HIGH POC This Week

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Acymailing
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.4%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The AcyMailing - An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Acymailing
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Acymailing
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Acymailing
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Acymailing
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS.7.0-8.6.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Acymailing
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Acymailing
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Acymailing
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +2
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Acymailing
NVD WPScan
EPSS 1% CVSS 7.2
HIGH This Week

Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Acymailing
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Acymailing
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy