2 matches found
CVE-2024-7384
CVE-2024-7384 affects AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress. All versions up to 9.7.2 are vulnerable due to missing file type validation in the acym_extractArchive function, allowing authenticated attackers with Subscriber-level access and abov...
WordPress AcyMailing SMTP Newsletter Plugin <= 9.7.2 is vulnerable to Arbitrary File Upload
Software AcyMailing SMTP Newsletter Type Plugin Vulnerable versions = 9.7.2 Fixed in 9.8.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7384 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 51ad1438d775 Credits Arkadiusz Hydzik Required...