
AcyMailing security update 🔐 – v8.7.0

3 min reading – Last update: Aug 17, 2023

At AcyMailing, our top priority is ensuring the security and reliability of our email marketing and newsletter extension. We understand the critical importance of maintaining a safe environment for your online communications and campaigns. In our continuous efforts to provide the best possible experience for our users, we recently conducted a comprehensive front-end verification to address potential vulnerabilities and strengthen our platform's security, with the help of David Jardin, head of the Joomla security team.

Uncovering Vulnerabilities:

During our extensive assessment, we meticulously examined every aspect of AcyMailing's front-end features. This rigorous evaluation led us to identify and address four vulnerabilities that could potentially impact our users. We are committed to transparency and want to provide you with a clear understanding of these vulnerabilities, their nature, and the steps we've taken to rectify them.

Vulnerabilities Addressed:

  1. Cross-Site Scripting (XSS) Vulnerability: We identified and mitigated an XSS vulnerability that could potentially allow unauthorized access to campaigns. Our team has implemented robust security measures to prevent such exploits and ensure that your data remains safeguarded.
  2. Unauthorized List Creation: We discovered a vulnerability that could allow unauthorized users to create new mailing lists. This issue has been promptly addressed to prevent any unauthorized access or modifications to your email lists.
  3. Attachment Removal from Campaigns: Our assessment unveiled a vulnerability that could allow for the unauthorized removal of attachments from campaigns. We have taken decisive action to eliminate this vulnerability and ensure the integrity of your email campaigns.
  4. Subscriber List Enumeration: We identified a vulnerability that could enable unauthorized parties to get the number of subscribers in a specific list. We have enhanced our security measures to prevent any unauthorized access to your subscriber information.

Are you impacted?

These vulnerabilities apply only to the AcyMailing Enterprise edition, and only when the site owner has created a front-end campaigns management menu on a Joomla website. They affect versions 6.7.0 to 8.6.3 and are patched in version 8.7.0.
We recognize that some of our users utilize these advanced features, and we have focused our efforts on securing this specific scenario to guarantee the safety of your data.

How to update?

To update to the latest version of AcyMailing and benefit from this security patch, you can use the extensions update page on Joomla websites or the plugins update page on WordPress. You can also manually download the latest version from your account page (once logged in on our website, click the "Download" button to be taken to your download area), then install it like any new extension: it will update AcyMailing if it is already installed on your website.

Our Commitment to Security:

We want to assure all our users that your security and the reliability of AcyMailing are of utmost importance to us. Our recent front-end verification and the subsequent enhancements made to address vulnerabilities demonstrate our unwavering commitment to delivering a secure and trustworthy platform for your email marketing needs. As always, we encourage you to keep your AcyMailing installation up to date to benefit from the latest security improvements and features.
