CVE-2026-57741 is a Stored XSS vulnerability in AcyMailing SMTP Newsletter. The issue affects AcyMailing SMTP Newsletter from n/a through <= 10.11.0. The vulnerability has a CVSS score of 7.1 and a HIGH severity rating. This vulnerability is caused by improper neutralization of input during web page generation, allowing for Stored XSS attacks. Users of AcyMailing SMTP Newsletter plugin for WordPress shoul [truncated]
HIGHAcyMailing Newsletter TeamCVE published 2026-07-13
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:40.340Z and has not been modified since then. A Missing Authorization vulnerability in AcyMailing SMTP Newsletter plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.1. The vulnerability has [truncated]
CRITICALAcyMailing Newsletter TeamCVE published 2026-07-13
A critical SQL injection vulnerability was discovered in the AcyMailing SMTP Newsletter plugin. This issue, tracked as CVE-2026-57739, allows for blind SQL injection and has a CVSS score of 9.3. The vulnerability affects the plugin from its inception up to and including version 10.11.0. The vulnerability is caused by improper neutralization of special elements used in an SQL command, which can lead to una [truncated]