Major security update Joomla/WordPressAn XSS vulnerability

ssnobben

Vulnerability patch malicious file creation

Joomla/WordPressAn XSS vulnerability that doesn't require an account has been patched

( XSS vulnerability that doesn't require an account, ensuring the safety of our users. We let you know that we fixed a security issue that allowed malicious file creation on versions prior to v8.5.0. )

How can you get this important security patch if you not just now have an active pro subscription now? Is there a manual patch you can fix with this patch file?

jvstratum

Hi,

Please note that updates and ticket support are exclusively available for our customers with an active Essential or Enterprise license.

If your license has expired we kindly invite you to renew your license which entitles you to get the update. Alternativly you can download and install the free Starter version, which has this update included.

pabloapico

Hello, Could you please clarify if this vulnerability affects 5x, 6x, or 7x versions as well?
Clearly it affects 8x version but the message was not clear about previous major versions.

mihha

The latest vulnerability that was discovered and patched in the AcyMailing 8.7.0 affects all the versions from 6.7.0 till 8.6.3

https://www.acymailing.com/acymailing-release-security-%f0%9f%94%90-news-updates/

It is important to note that these vulnerabilities are applicable only to AcyMailing Enterprise edition and specifically when the site owner has created a front-end campaigns management menu in a Joomla website.