17 matches found

ATTACKERKB
added 2026/05/20 6:46 a.m., 4 views

CVE-2026-5200

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...

CVSS 8.8, AI score 5.8, EPSS 0.00044
Exploits 0, References 3

Patchstack
added 2026/04/16 9:32 a.m., 2 views

WordPress AcyMailing plugin 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability

WordPress AcyMailing plugin 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Ren Voza in WordPress Plugin AcyMailing SMTP Newsletter versions 9.11.0-10.8.1...

CVSS 8.8, AI score 5.8, EPSS 0.00023
Exploits 0, References 1, Affected Software 1

NVD
added 2026/04/16 6:16 a.m., 1 views

CVE-2026-3614

The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions from 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the wp_ajax_acymailing_router AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 8.8, EPSS 0.00023
Exploits 0, References 7

Positive Technologies
added 2026/04/16 12:0 a.m., 0 views

PT-2026-33267

Name of the Vulnerable Software and Affected Versions: AcyMailing versions 9.11.0 through 10.8.1. Description: A missing capability check on the 'wp_ajax_acymailing_router' AJAX handler allows authenticated attackers with Subscriber-level access or higher to access admin-only controllers, including...

CVSS 8.8, AI score 5.8, EPSS 0.00023
Exploits 0, References 13

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-46358

Malicious code in bioql PyPI...

CVSS 7.1, AI score 7, EPSS 0.00083
Exploits 0, References 1

RedhatCVE
added 2025/05/23 5:13 a.m., 5 views

CVE-2023-41867

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin = 8.6.2 versions...

CVSS 7.1, AI score 5.9, EPSS 0.00083
Exploits 0, References 1

Cvelist
added 2025/02/14 12:44 p.m., 12 views

CVE-2025-24617 WordPress AcyMailing Plugin < 9.11.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Reflected XSS. This issue affects AcyMailing SMTP Newsletter: from n/a through 9.11.1...

CVSS 7.1, EPSS 0.00241
Exploits 0, References 1

Vulnrichment
added 2025/02/14 12:44 p.m., 10 views

CVE-2025-24617 WordPress AcyMailing Plugin < 9.11.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Reflected XSS. This issue affects AcyMailing SMTP Newsletter: from n/a through 9.11.1...

CVSS 7.1, AI score 7.2, EPSS 0.00241
Exploits 0, References 1

RedhatCVE
added 2025/02/05 11:45 a.m., 6 views

CVE-2024-7384

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible fo...

CVSS 8.8, AI score 7.5, EPSS 0.1119
Exploits 0, References 1

Patchstack
added 2024/12/30 12:55 a.m., 2 views

WordPress AcyMailing Plugin < 9.11.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Dimas Maulana in WordPress Plugin AcyMailing SMTP Newsletter versions 9.11.1...

CVSS 7.1, AI score 6.1, EPSS 0.00241
Exploits 0, Affected Software 1

EUVD
added 2024/08/22 2:2 a.m., 2 views

EUVD-2024-48320

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible fo...

CVSS 8.8, AI score 7.1, EPSS 0.1119
Exploits 0, References 6

Patchstack
added 2024/08/22 12:34 a.m., 3 views

WordPress AcyMailing plugin <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function vulnerability

Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin AcyMailing SMTP Newsletter versions <= 9.7.2...

CVSS 8.8, AI score 7, EPSS 0.1119
Exploits 0, References 1, Affected Software 1

CNNVD
added 2024/08/22 12:0 a.m., 1 views

WordPress plugin AcyMailing security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8, AI score 7, EPSS 0.1119
Exploits 0, References 7

Vulnrichment
added 2023/03/30 11:27 a.m., 5 views

CVE-2023-28733 Stored XSS affecting the AcyMailing plugin for Joomla

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...

CVSS 7.2, AI score 6.9, EPSS 0.00317
Exploits 0, References 2

Cvelist
added 2023/03/30 11:27 a.m., 14 views

CVE-2023-28733 Stored XSS affecting the AcyMailing plugin for Joomla

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...

CVSS 7.2, AI score 7, EPSS 0.00317
Exploits 0, References 2

Vulnrichment
added 2023/03/30 11:26 a.m., 6 views

CVE-2023-28732 Missing access control affecting the AcyMailing plugin for Joomla

Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plug...

CVSS 6.5, AI score 6.5, EPSS 0.00475
Exploits 0, References 3

Vulnrichment
added 2023/03/30 11:25 a.m., 9 views

CVE-2023-28731 Unauthenticated RCE affecting the AcyMailing plugin for Joomla

AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0...

CVSS 9.8, AI score 9.8, EPSS 0.09064
Exploits 1, References 2