Search
Search Results (6 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3614 | 2 Acyba, Wordpress | 2 Acymailing – An Ultimate Newsletter Plugin And Marketing Automation Solution For Wordpress, Wordpress | 2026-04-16 | 8.8 High |
| The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the `wp_ajax_acymailing_router` AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access admin-only controllers (including configuration management), enable the autologin feature, create a malicious newsletter subscriber with an injected `cms_id` pointing to any WordPress user, and then use the autologin URL to authenticate as that user, including administrators. | ||||
| CVE-2023-39970 | 1 Acyba | 1 Acymailing Starter | 2024-11-21 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. It allows remote code execution. | ||||
| CVE-2020-10934 | 1 Acyba | 1 Acymailing | 2024-11-21 | 7.2 High |
| Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. | ||||
| CVE-2018-9107 | 1 Acyba | 1 Acymailing | 2024-11-21 | N/A |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. | ||||
| CVE-2018-9106 | 1 Acyba | 1 Acysms | 2024-11-21 | N/A |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export. | ||||
| CVE-2015-7338 | 1 Acyba | 1 Acymailing | 2024-11-21 | 7.2 High |
| SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. | ||||
Page 1 of 1.