Acymailing
Monthly
The AcyMailing - An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS.7.0-8.6.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The AcyMailing - An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS.7.0-8.6.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.