
AcyMailing security update 🔐 – v8.7.0

3 min reading – Last update: Aug 17, 2023

At AcyMailing, our top priority is ensuring the security and reliability of our email marketing and newsletter extension. We understand the critical importance of maintaining a safe environment for your online communications and campaigns. In our continuous efforts to provide the best possible experience for our users, we recently conducted a comprehensive front-end verification to address potential vulnerabilities and strengthen our platform's security, with the help of David Jardin, head of the Joomla security team.

Uncovering Vulnerabilities:

During our extensive assessment, we meticulously examined every aspect of AcyMailing's front-end features. This rigorous evaluation led us to identify and address four vulnerabilities that could potentially impact our users. We are committed to transparency and want to provide you with a clear understanding of these vulnerabilities, their nature, and the steps we've taken to rectify them.

Vulnerabilities Addressed:

  1. Cross-Site Scripting (XSS) Vulnerability: We identified and mitigated an XSS vulnerability that could potentially allow unauthorized access to campaigns. Our team has implemented robust security measures to prevent such exploits and ensure that your data remains safeguarded.
  2. Unauthorized List Creation: We discovered a vulnerability that could allow unauthorized users to create new mailing lists. This issue has been promptly addressed to prevent any unauthorized access or modifications to your email lists.
  3. Attachment Removal from Campaigns: Our assessment unveiled a vulnerability that could allow for the unauthorized removal of attachments from campaigns. We have taken decisive action to eliminate this vulnerability and ensure the integrity of your email campaigns.
  4. Subscriber List Enumeration: We identified a vulnerability that could enable unauthorized parties to get the number of subscribers in a specific list. We have enhanced our security measures to prevent any unauthorized access to your subscriber information.

Are you impacted?

It is important to note that these vulnerabilities apply only to the AcyMailing Enterprise edition, and only when the site owner has created a front-end campaigns management menu on a Joomla website. They affect versions 6.7.0 to 8.6.3 and have been patched in version 8.7.0.
We recognize that some of our users utilize these advanced features, and we have focused our efforts on securing this specific scenario to guarantee the safety of your data.
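
For administrators who manage several sites, the conditions above can be checked across an inventory. The following is an added example, not AcyMailing code: the `Install` record, its field names, the status labels and the sample inventory are all constructed for illustration, and only the version range and the three exposure conditions come from this post.

```python
import re
from dataclasses import dataclass

# Range and conditions as stated in the advisory above.
FIRST_AFFECTED = (6, 7, 0)
LAST_AFFECTED = (8, 6, 3)

@dataclass
class Install:  # hypothetical inventory record
    site: str
    platform: str        # "joomla" or "wordpress"
    edition: str         # e.g. "enterprise"
    version: str
    frontend_campaign_menu: bool

def parse_version(text):
    """Turn '8.6.3', 'v8.7' or '8.6.3-beta' into a tuple of ints."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(install):
    try:
        version = parse_version(install.version)
    except ValueError:
        return "review"  # cannot decide automatically, check by hand
    # Compare as integer tuples: as strings, "8.10.0" sorts before "8.6.3".
    if not (FIRST_AFFECTED <= version <= LAST_AFFECTED):
        return "outside-range"
    exposed = (install.edition.lower() == "enterprise"
               and install.platform.lower() == "joomla"
               and install.frontend_campaign_menu)
    return "affected" if exposed else "in-range-not-exposed"

# Constructed sample inventory (sites and versions are made up).
INVENTORY = [
    Install("shop.example", "joomla", "Enterprise", "8.6.3", True),
    Install("blog.example", "joomla", "Enterprise", "8.6.3", False),
    Install("news.example", "wordpress", "Enterprise", "7.9.4", True),
    Install("intra.example", "joomla", "Enterprise", "8.10.0", True),
    Install("old.example", "joomla", "Enterprise", "unknown", True),
]

def report(inventory=INVENTORY):
    return {i.site: triage(i) for i in inventory}

if __name__ == "__main__":
    for site, status in report().items():
        print(f"{site}: {status}")
```

Installs reported as `in-range-not-exposed` do not meet the conditions described above but still run a version older than 8.7.0, so they remain candidates for the update.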

How to update?

To update to the latest version of AcyMailing and benefit from this security patch, you can use the extensions update page on Joomla websites or the plugins update page on WordPress. You can also manually download the latest version from your account page (click the "Download" button once logged in on our website to be taken to your download area) then install this new version like any new extension: it will update AcyMailing if it is already installed on your website.

Our Commitment to Security:

We want to assure all our users that your security and the reliability of AcyMailing are of utmost importance to us. Our recent front-end verification and the subsequent enhancements made to address vulnerabilities demonstrate our unwavering commitment to delivering a secure and trustworthy platform for your email marketing needs. As always, we encourage you to keep your AcyMailing installation up to date to benefit from the latest security improvements and features.
