{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/acymailing--an-ultimate-newsletter-plugin-and-marketing-automation-solution-for-wordpress-plugin--10.8.2/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-5200"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin \u003c= 10.8.2"],"_cs_severities":["high"],"_cs_tags":["acymailing","wordpress","authorization-bypass","privilege-escalation"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe AcyMailing plugin for WordPress, up to version 10.8.2, suffers from a missing authorization vulnerability (CVE-2026-5200). This flaw enables authenticated attackers with minimal subscriber-level privileges to bypass authorization checks and perform actions normally reserved for administrators. This includes modifying sensitive plugin configurations and exporting subscriber secret keys. A successful exploit could lead to a complete compromise of the WordPress installation, especially if the attacker knows the email address of an administrator, facilitating an account takeover. Defenders should prioritize patching and monitoring activity related to this plugin.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker registers an account on the WordPress site, obtaining subscriber-level access.\u003c/li\u003e\n\u003cli\u003eThe attacker authenticates to the WordPress site using their subscriber credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request to modify AcyMailing configuration settings, bypassing authorization checks.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies settings related to email sending or subscriber management within AcyMailing.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a separate HTTP request to export subscriber secret keys, again bypassing authorization checks.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the exported secret keys to gain further access or impersonate subscribers.\u003c/li\u003e\n\u003cli\u003eIf the attacker knows the administrator\u0026rsquo;s email address, they leverage the modified settings and exported data to attempt an administrator account takeover.\u003c/li\u003e\n\u003cli\u003eSuccessful account takeover grants the attacker full control over the WordPress site.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to modify AcyMailing settings, potentially leading to spam campaigns originating from the compromised WordPress site. More critically, an attacker can export subscriber secret keys, which could be used for malicious purposes. If the administrator\u0026rsquo;s email is known, the attacker can leverage these exploits to achieve full administrator account takeover, leading to website defacement, data theft, or complete system compromise. The severity of this issue is reflected in its CVSS v3.1 base score of 8.8.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update the AcyMailing plugin to the latest version, which includes a fix for CVE-2026-5200.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided to detect unauthorized modification attempts on AcyMailing configuration.\u003c/li\u003e\n\u003cli\u003eMonitor WordPress web server logs for suspicious HTTP requests targeting AcyMailing endpoints, particularly those attempting to modify configuration settings.\u003c/li\u003e\n\u003cli\u003eReview AcyMailing access logs for any unusual activity originating from subscriber-level accounts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-20T08:17:06Z","date_published":"2026-05-20T08:17:06Z","id":"https://feed.craftedsignal.io/briefs/2026-05-acymailing-auth-bypass/","summary":"The AcyMailing plugin for WordPress is vulnerable to a missing authorization issue (CVE-2026-5200), allowing authenticated attackers with subscriber-level access to modify privileged AcyMailing configuration, export subscriber secret keys, and potentially achieve administrator account takeover if the administrator's email address is known.","title":"AcyMailing WordPress Plugin Missing Authorization Vulnerability (CVE-2026-5200)","url":"https://feed.craftedsignal.io/briefs/2026-05-acymailing-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress Plugin \u003c= 10.8.2","version":"https://jsonfeed.org/version/1.1"}