cleantalk
Vulnerabilities and Security Researches

AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress, CVE-2021-24288

CVE, Research URL

CVE-2021-24288

Home page URL

Security reports for AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress

Application

AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress

Published on
May 17, 2021
Research Description
When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim.
Affected versions
max 7.5.0.
Status
vulnerable
Previous vulnerability researches
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress (CVE-2025-24617) , Feb 16, 2025
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress (CVE-2024-7384) , Aug 23, 2024
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress (CVE-2026-3614) , Apr 16, 2026
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress (CVE-2023-41867) , Jun 06, 2024
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress (CVE-2021-24288) , Jun 06, 2024
New vulnerability
WP YouTube Lyte (CVE-2026-3299) , Apr 16, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-13364) , Apr 16, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2026-39492) , Apr 16, 2026
Tutor LMS – eLearning and online course solution (CVE-2026-0548) , Apr 16, 2026
Tutor LMS – eLearning and online course solution (CVE-2026-40740) , Apr 16, 2026