Lucene search
K

165 matches found

Nuclei
Nuclei
added 16 hours ago74 views

WordPress AcyMailing <7.5.0 - Open Redirect

WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user. id: CVE-2021-24288...

6.1CVSS6.4AI score0.01939EPSS
Exploits2References4
NVD
NVD
added yesterday3 views

CVE-2026-57741

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57740

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday30 views

CVE-2026-57741 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-57741

CVE-2026-57741 is a stored XSS vulnerability in the WordPress plugin “AcyMailing SMTP Newsletter” (AcyMailing) up to version 10.11.0. Affected component is the plugin’s web-facing input handling that allows improper neutralization of input during web page generation. The issue permits stored cros...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday29 views

CVE-2026-57740 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday29 views

CVE-2026-57739 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

9.3CVSS0.004EPSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-57739

CVE-2026-57739 affects the WordPress WordPress Plugin AcyMailing SMTP Newsletter (versions up to and including 10.11.0). The vulnerability is an SQL Injection caused by improper neutralization of special elements in an SQL command, allowing blind SQL injection. According to the provided metrics, ...

9.3CVSS6.1AI score0.004EPSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-57740

CVE-2026-57740 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress AcyMailing Newsletter SMTP Newsletter plugin, affecting versions up to and including 10.11.1. The issue stems from incorrectly configured access control, enabling an attacker with network acces...

7.1CVSS6.1AI score0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57768

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS6.1AI score0.00321EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57769

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2026-56292

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS0.00263EPSS
Exploits1References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42591

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS5.9AI score0.00263EPSS
Exploits1References2
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS0.00263EPSS
Exploits1References2
CVE
CVE
added 5 days ago18 views

CVE-2026-56292

The CVE describes an SQL injection in the AcyMailing extension for Joomla, affecting versions older than 10.11.1. The underlying issue is a SQL query handling flaw in the AcyMailing component, allowing an attacker to achieve unauthorized database access and potential data leakage . Products: Joom...

9.2CVSS5.9AI score0.00263EPSS
Exploits1References2Affected Software1
NVD
NVD
added 5 days ago7 views

CVE-2026-12170

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' attribute in all versions up to, and including, 10.10.2 due to insufficient input sanitization and output escaping...

6.4CVSS0.00256EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-12170 AcyMailing <= 10.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alignment' Attribute

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' attribute in all versions up to, and including, 10.10.2 due to insufficient input sanitization and output escaping...

6.4CVSS0.00256EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42521

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' attribute in all versions up to, and including, 10.10.2 due to insufficient input sanitization and output escaping...

6.4CVSS6.1AI score0.00256EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56808

Name of the Vulnerable Software and Affected Versions AcyMailing versions prior to 10.11.1 Description An unauthenticated SQL injection flaw exists in the AcyMailing component for Joomla. This issue allows a remote attacker to execute crafted SQL queries to gain unauthorized access to the databas...

9.2CVSS6.1AI score0.00263EPSS
Exploits1References6
Patchstack
Patchstack
added 2026/07/06 1:52 p.m.6 views

WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by kai63001 in WordPress Plugin AcyMailing SMTP Newsletter versions = 10.11.0...

9.3CVSS6AI score0.004EPSS
Exploits0Affected Software1
Rows per page
Query Builder