CVE-2026-5200
- EPSS 0.34%
- Veröffentlicht 20.05.2026 06:46:04
- Zuletzt bearbeitet 20.05.2026 13:54:54
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that...
CVE-2026-3614
- EPSS 0.44%
- Veröffentlicht 16.04.2026 05:29:54
- Zuletzt bearbeitet 22.04.2026 20:22:50
The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the `wp_ajax_acymailing_router` AJAX handler. This makes it possible for authentic...
CVE-2020-10934
- EPSS 1.3%
- Veröffentlicht 24.03.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 04:56:24
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.
CVE-2015-7338
- EPSS 0.98%
- Veröffentlicht 09.03.2020 17:15:11
- Zuletzt bearbeitet 21.11.2024 02:36:37
SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.
CVE-2018-9107
- EPSS 7.42%
- Veröffentlicht 28.03.2018 04:29:00
- Zuletzt bearbeitet 21.11.2024 04:14:58
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.