Product

AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress Plugin <= 10.8.2

1 brief RSS

AcyMailing WordPress Plugin Missing Authorization Vulnerability (CVE-2026-5200)

The AcyMailing plugin for WordPress is vulnerable to a missing authorization issue (CVE-2026-5200), allowing authenticated attackers with subscriber-level access to modify privileged AcyMailing configuration, export subscriber secret keys, and potentially achieve administrator account takeover if the administrator's email address is known.

AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin <= 10.8.2 acymailing wordpress authorization-bypass privilege-escalation

2r 2t 1c 12h ago