Lucene search
+L

24 matches found

Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-57740 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added 4 days ago15 views

CVE-2026-57739

CVE-2026-57739 affects the WordPress WordPress Plugin AcyMailing SMTP Newsletter (versions up to and including 10.11.0). The vulnerability is an SQL Injection caused by improper neutralization of special elements in an SQL command, allowing blind SQL injection. According to the provided metrics, ...

9.3CVSS6.1AI score0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 8:16 a.m.7 views

CVE-2026-12170

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' attribute in all versions up to, and including, 10.10.2 due to insufficient input sanitization and output escaping...

6.4CVSS0.00256EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/09 6:52 a.m.8 views

EUVD-2026-42521

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' attribute in all versions up to, and including, 10.10.2 due to insufficient input sanitization and output escaping...

6.4CVSS6.1AI score0.00256EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/07/06 1:41 p.m.4 views

WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin AcyMailing SMTP Newsletter versions = 10.11.0...

7.1CVSS5.9AI score0.0018EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.14 views

CVE-2026-3614

The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the wpajaxacymailingrouter AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and...

8.8CVSS5.5AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.13 views

CVE-2026-5200

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...

8.8CVSS5.5AI score0.00336EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 6:46 a.m.9 views

CVE-2026-5200

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...

8.8CVSS5.8AI score0.00336EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/16 9:32 a.m.8 views

WordPress AcyMailing plugin 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability

WordPress AcyMailing plugin 9.11.0 - 10.8.1 - Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Ren Voza in WordPress Plugin AcyMailing SMTP Newsletter versions 9.11.0-10.8.1...

8.8CVSS5.8AI score0.00435EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/16 6:16 a.m.10 views

CVE-2026-3614

The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the wpajaxacymailingrouter AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and...

8.8CVSS0.00435EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.9 views

PT-2026-33267

Name of the Vulnerable Software and Affected Versions AcyMailing versions 9.11.0 through 10.8.1 Description A missing capability check on the 'wp ajax acymailing router' AJAX handler allows authenticated attackers with Subscriber-level access or higher to access admin-only controllers, including...

8.8CVSS5.8AI score0.00435EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-46358

Malicious code in bioql PyPI...

7.1CVSS7AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:13 a.m.8 views

CVE-2023-41867

Unauth. Reflected Cross-Site Scripting XSS vulnerability in AcyMailing Newsletter Team AcyMailing plugin = 8.6.2 versions...

7.1CVSS5.9AI score0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/14 12:44 p.m.19 views

CVE-2025-24617 WordPress AcyMailing Plugin < 9.11.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Reflected XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through 9.11.1...

7.1CVSS0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/14 12:44 p.m.16 views

CVE-2025-24617 WordPress AcyMailing Plugin < 9.11.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Reflected XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through 9.11.1...

7.1CVSS7.2AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:45 a.m.19 views

CVE-2024-7384

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acymextractArchive function in all versions up to, and including, 9.7.2. This makes it possible fo...

8.8CVSS7.5AI score0.00958EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/12/30 12:55 a.m.6 views

WordPress AcyMailing Plugin < 9.11.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana in WordPress Plugin AcyMailing SMTP Newsletter versions 9.11.1...

7.1CVSS6.1AI score0.00246EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2024/08/22 2:2 a.m.7 views

EUVD-2024-48320

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acymextractArchive function in all versions up to, and including, 9.7.2. This makes it possible fo...

8.8CVSS7.1AI score0.00958EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/08/22 12:34 a.m.11 views

WordPress AcyMailing plugin <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function vulnerability

Authenticated Subscriber+ Arbitrary File Upload via acymextractArchive Function vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin AcyMailing SMTP Newsletter versions = 9.7.2...

8.8CVSS7AI score0.00958EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.7 views

WordPress plugin AcyMailing 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS7AI score0.00958EPSS
Exploits0References7
Rows per page
Query Builder