GCVE - cpe:2.3:a:acymailing:acymailing:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:acymailing:acymailing:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Acymailing (`e793a6e6-12d0-5a45-ac63-062287209ca7`)
Product	Acymailing (`c7c89958-c94f-5b95-ae80-2f5fb5fada2c`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-7384`	vulnerable	2026-06-03 14:58:05.764304	AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function HIGH (7.5) The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Published: 2024-08-22T02:02:02.326Z Updated: 2026-04-08T16:35:04.094Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/0c747bc9-582c-4b9f-85a4-469c446d50f5?source=cve https://plugins.trac.wordpress.org/browser/acymailing/trunk/back/libraries/wordpress/file.php#L47 https://wordpress.org/plugins/acymailing/#developers https://www.acymailing.com/changelog/ https://plugins.trac.wordpress.org/changeset?old_path=%2Facymailing&old=3118953&new_path=%2Facymailing&new=3137644&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-41867`	vulnerable	2026-06-03 14:52:52.656261	WordPress AcyMailing SMTP Newsletter Plugin <= 8.6.2 is vulnerable to Cross Site Scripting (XSS) HIGH (7.1) Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions. Published: 2023-09-25T18:41:54.912Z Updated: 2026-04-28T16:08:39.164Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/acymailing/wordpress-acymailing-plugin-8-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24288`	vulnerable	2026-06-03 14:43:56.722732	AcyMailing < 7.5.0 - Unauthenticated Open Redirect When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim. Published: 2021-05-17T16:48:52.000Z Updated: 2024-08-03T19:28:23.248Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/56628862-1687-4862-9ed4-145d8dfbca97	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.