
AcyMailing security update 🔐 – v8.7.0

3 min reading – Last update: Aug 17, 2023

At AcyMailing, our top priority is ensuring the security and reliability of our email marketing and newsletter extension. We understand the critical importance of maintaining a safe environment for your online communications and campaigns. In our continuous efforts to provide the best possible experience for our users, we recently conducted a comprehensive front-end verification to address potential vulnerabilities and strengthen our platform's security, with the help of David Jardin, head of the Joomla security team.

Uncovering Vulnerabilities:

During our extensive assessment, we meticulously examined every aspect of AcyMailing's front-end features. This rigorous evaluation led us to identify and address four vulnerabilities that could potentially impact our users. We are committed to transparency and want to provide you with a clear understanding of these vulnerabilities, their nature, and the steps we've taken to rectify them.

Vulnerabilities Addressed:

  1. Cross-Site Scripting (XSS) Vulnerability: We identified and mitigated an XSS vulnerability that could potentially allow unauthorized access to campaigns. Our team has implemented robust security measures to prevent such exploits and ensure that your data remains safeguarded.
  2. Unauthorized List Creation: We discovered a vulnerability that could allow unauthorized users to create new mailing lists. This issue has been promptly addressed to prevent any unauthorized access or modifications to your email lists.
  3. Attachment Removal from Campaigns: Our assessment unveiled a vulnerability that could allow for the unauthorized removal of attachments from campaigns. We have taken decisive action to eliminate this vulnerability and ensure the integrity of your email campaigns.
  4. Subscriber List Enumeration: We identified a vulnerability that could enable unauthorized parties to get the number of subscribers in a specific list. We have enhanced our security measures to prevent any unauthorized access to your subscriber information.

Are you impacted?

These vulnerabilities apply only to the AcyMailing Enterprise edition, and only when the site owner has created a front-end campaigns management menu on a Joomla website. They affect versions 6.7.0 to 8.6.3 and are patched in version 8.7.0.
We recognize that some of our users utilize these advanced features, and we have focused our efforts on securing this specific scenario to guarantee the safety of your data.

How to update?

To update to the latest version of AcyMailing and benefit from this security patch, you can use the extensions update page on Joomla websites or the plugins update page on WordPress. You can also manually download the latest version from your account page (click the "Download" button once logged in on our website to be taken to your download area), then install it like any new extension: it will update AcyMailing if it is already installed on your website.

Our Commitment to Security:

We want to assure all our users that your security and the reliability of AcyMailing are of utmost importance to us. Our recent front-end verification and the subsequent enhancements made to address vulnerabilities demonstrate our unwavering commitment to delivering a secure and trustworthy platform for your email marketing needs. As always, we encourage you to keep your AcyMailing installation up to date to benefit from the latest security improvements and features.
