Browse all 4 CVE security advisories affecting AcyMailing. AI-powered Chinese analysis, POCs, and references for each vulnerability.
AcyMailing is a Joomla email marketing extension for creating and managing newsletters. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The extension has accumulated four CVEs to date, with some allowing attackers to execute arbitrary code or bypass security restrictions. While no major public incidents have been widely documented, the consistent discovery of critical vulnerabilities in this component highlights the importance of regular updates and input validation in email marketing tools. Security researchers have identified multiple injection flaws that could compromise entire Joomla installations if exploited.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-28733 | Stored XSS affecting the AcyMailing plugin for Joomla — Newsletter Plugin for Joomla in the Enterprise version CWE-20 | 7.2 | High | 2023-03-30 |
| CVE-2023-28732 | Missing access control affecting the AcyMailing plugin for Joomla — Newsletter Plugin for Joomla CWE-20 | 6.5 | Medium | 2023-03-30 |
| CVE-2023-28731 | Unauthenticated RCE affecting the AcyMailing plugin for Joomla — Newsletter Plugin for Joomla in the Enterprise version CWE-20 | 9.8 | Critical | 2023-03-30 |
| CVE-2021-24288 | AcyMailing < 7.5.0 - Unauthenticated Open Redirect — Newsletter via SMTP, Sendinblue, Sendgrid, Mailgun - AcyMailing SMTP Newsletter CWE-601 | 6.1 | - | 2021-05-17 |
This page lists every published CVE security advisory associated with AcyMailing. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.