cleantalk
Vulnerabilities and Security Researches

AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress, CVE-2024-7384

CVE, Research URL

CVE-2024-7384

Home page URL

Security reports for AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress

Application

AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress

Published on
Aug 22, 2024
Research Description
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 9.8.0.
Status
vulnerable
Previous vulnerability researches
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress (CVE-2025-24617) , Feb 16, 2025
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress (CVE-2024-7384) , Aug 23, 2024
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress (CVE-2026-3614) , Apr 16, 2026
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress (CVE-2023-41867) , Jun 06, 2024
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress (CVE-2021-24288) , Jun 06, 2024
New vulnerability
WP YouTube Lyte (CVE-2026-3299) , Apr 16, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-13364) , Apr 16, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2026-39492) , Apr 16, 2026
Tutor LMS – eLearning and online course solution (CVE-2026-0548) , Apr 16, 2026
Tutor LMS – eLearning and online course solution (CVE-2026-40740) , Apr 16, 2026