
AcyMailing security update 🔐 – v8.7.0

3 min reading – Last update: Aug 17, 2023

At AcyMailing, our top priority is ensuring the security and reliability of our email marketing and newsletter extension. We understand the critical importance of maintaining a safe environment for your online communications and campaigns. In our continuous efforts to provide the best possible experience for our users, we recently conducted a comprehensive front-end verification to address potential vulnerabilities and strengthen our platform's security, with the help of David Jardin, head of the Joomla security team.

Uncovering Vulnerabilities:

During our extensive assessment, we meticulously examined every aspect of AcyMailing's front-end features. This rigorous evaluation led us to identify and address four vulnerabilities that could potentially impact our users. We are committed to transparency and want to provide you with a clear understanding of these vulnerabilities, their nature, and the steps we've taken to rectify them.

Vulnerabilities Addressed:

  1. Cross-Site Scripting (XSS) Vulnerability: We identified and mitigated an XSS vulnerability that could potentially allow unauthorized access to campaigns. Our team has implemented robust security measures to prevent such exploits and ensure that your data remains safeguarded.
  2. Unauthorized List Creation: We discovered a vulnerability that could allow unauthorized users to create new mailing lists. This issue has been promptly addressed to prevent any unauthorized access or modifications to your email lists.
  3. Attachment Removal from Campaigns: Our assessment unveiled a vulnerability that could allow for the unauthorized removal of attachments from campaigns. We have taken decisive action to eliminate this vulnerability and ensure the integrity of your email campaigns.
  4. Subscriber List Enumeration: We identified a vulnerability that could enable unauthorized parties to get the number of subscribers in a specific list. We have enhanced our security measures to prevent any unauthorized access to your subscriber information.

Are you impacted?

These vulnerabilities apply only to the AcyMailing Enterprise edition, and only when the site owner has created a front-end campaigns management menu on a Joomla website. They affect versions 6.7.0 to 8.6.3 and are patched in version 8.7.0.
We recognize that some of our users utilize these advanced features, and we have focused our efforts on securing this specific scenario to guarantee the safety of your data.

How to update?

To update to the latest version of AcyMailing and benefit from this security patch, use the extensions update page on Joomla websites or the plugins update page on WordPress. You can also download the latest version manually from your account page (once logged in on our website, click the "Download" button to be taken to your download area), then install it like any new extension: it will update AcyMailing if it is already installed on your website.

Our Commitment to Security:

We want to assure all our users that your security and the reliability of AcyMailing are of utmost importance to us. Our recent front-end verification and the subsequent enhancements made to address vulnerabilities demonstrate our unwavering commitment to delivering a secure and trustworthy platform for your email marketing needs. As always, we encourage you to keep your AcyMailing installation up to date to benefit from the latest security improvements and features.
