AcyMailing WordPress Plugin Missing Authorization Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability exists in the AcyMailing WordPress plugin, specifically in versions through 10.8.2, due to missing authorization checks. This flaw allows authenticated users with subscriber-level access or higher to manipulate AcyMailing settings, export subscriber secret keys, and potentially take over administrator accounts if the target's email address is known.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in AcyMailing configurations, exposure of subscriber secret keys, and unauthorized access to administrator accounts.

Remediation

Users are advised to update the AcyMailing WordPress plugin to version 10.9.0 or later.
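
One way to verify the remediation on a host, as an added example that is not part of the original advisory or the plugin's own code: the script reads the WordPress plugin headers under a plugins directory and flags any AcyMailing copy below 10.9.0. The directory names and header contents built in demo() are constructed sample data.

```python
import re
import tempfile
from pathlib import Path
FIXED = (10, 9, 0)  # first fixed release named in the advisory
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def parse_version(text):
    """Leading numeric components of a version string, padded to three."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def read_header(php_file):
    """Parse the plugin header from the first 8 KB of a file, as WordPress does."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.lower(), value)  # keep the first occurrence
    return fields

def audit(plugins_dir):
    """Return (directory, version, status) for every AcyMailing copy found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        hdr = read_header(php)
        if "acymailing" not in hdr.get("plugin name", "").lower():
            continue
        version = hdr.get("version", "")
        if not re.search(r"\d", version):
            status = "unknown"
        elif parse_version(version) < FIXED:
            status = "needs_update"  # anything below the fixed release is flagged
        else:
            status = "ok"
        findings.append((php.parent.name, version, status))
    return findings

def demo():
    """Constructed sample tree: two AcyMailing copies and an unrelated plugin."""
    root = Path(tempfile.mkdtemp())
    samples = {"acymailing": ("AcyMailing", "10.8.2"), "other-plugin": ("Other Plugin", "1.0.0"),
               "acymailing-staging": ("AcyMailing", "10.9.0")}
    for slug, (name, ver) in samples.items():
        (root / slug).mkdir()
        (root / slug / "index.php").write_text(
            f"<?php\n/*\n * Plugin Name: {name}\n * Version: {ver}\n */\n")
    return audit(root)

if __name__ == "__main__":
    print(demo())
```

Point audit() at a site's wp-content/plugins directory to check a real install; inactive copies are reported too, since they remain on disk until removed or updated.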

Added: May 20, 2026, 8:22 AM
Updated: May 20, 2026, 8:22 AM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 5.0
exploitability: 5.4
remediation: 7.7
relevance: 8.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.