2 matches found
CVE-2026-5200
The vulnerability CVE-2026-5200 affects the AcyMailing WordPress plugin (versions up to 10.8.2). The root cause is Missing Authorization: authenticated users with subscriber-level access and above can perform unauthorized actions, including modifying privileged AcyMailing configuration and export...
CVE-2026-3614 AcyMailing 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the wpajaxacymailingrouter AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and...