AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress — Vulnerabilities & Security Advisories 2

All 2 CVE vulnerabilities found in AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress, with AI-generated Chinese analysis, references, and POCs.

Vendor: acyba

CVE ID	Title	CVSS	Severity	Published
CVE-2026-3614	AcyMailing 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation CWE-862	8.8	High	2026-04-16
CVE-2024-7384	AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function CWE-434	7.5	High	2024-08-22

All 2 known CVE vulnerabilities affecting AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress — Vulnerabilities & Security Advisories 2