Headline
CVE-2023-28733: Changelog - AcyMailing
AnyMailing Joomla Plugin is vulnerable to stored cross-site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign’s creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
AcyMailing 5.10.18
December 10, 2020
Improvements & fixes
AcyMailing 6.19.3
December 18, 2020
Bug fixes
AcyMailing 6.19.2
December 10, 2020
Improvements
- New button to be redirected to the WordPress support of AcyMailing
Bug fixes
AcyMailing 6.19.1
December 9, 2020
Bug fixes
AcyMailing 5.10.17
December 2, 2020
Improvements & fixes
AcyMailing 6.19.0
December 1, 2020
Features
Improvements
Bug fixes
AcyMailing 6.18.2
November 12, 2020
Bug fixes
AcyMailing 6.18.0
November 9, 2020
Features
Improvements
Bug fixes
AcyMailing 6.17.1
October 28, 2020
Bug fixes
- Fixed date for scheduled campaign showing with the timezone
AcyMailing 6.17.0
October 19, 2020
Features
Improvements
Bug fixes
AcyMailing 5.10.16
October 15, 2020
Features
- A new plugin lets you restrict the available fields when importing users from the front-end
Improvements & fixes
AcyMailing 6.16.4
October 8, 2020
Bug fixes
AcyMailing 6.16.3
October 7, 2020
Bug fixes
AcyMailing 6.16.2
October 1, 2020
Bug fixes
AcyMailing 6.16.1
September 29, 2020
Bug fixes
- Hide PHP warning from other plugins
AcyMailing 6.16.0
September 28, 2020
Features
Improvements
Bug fixes
AcyMailing 6.15.1
September 9, 2020
Improvements
Bug fixes
AcyMailing 6.15.0
September 7, 2020
Features
Improvements
Bug fixes
AcyMailing 6.14.1
August 19, 2020
Improvements
- Remove check version in the starter version
Bug fixes
AcyMailing 6.14.0
August 17, 2020
New features
Improvements
Bug fixes
AcyMailing 5.10.15
August 7, 2020
Improvements
Bug fixes
AcyMailing 6.13.3
August 3, 2020
Bug fixes
AcyMailing 6.13.2
July 30, 2020
Bug fixes
AcyMailing 6.13.1
July 29, 2020
Bug fixes
AcyMailing 6.13.0
July 27, 2020
New features
- New design and UX for listing toolbar
- Added the possibility to create a list on the import in the list selection modal
- Added settings for the following add-ons: article, DOCman, DPcalendar, Easyblog, Easyprofile, EventBooking, FlexiContent, Hikashop, ICagenda, JDownloads, JEvent, K2, RSEventPro, RSS, Seblod, Virtumart
- Added settings for the following add-ons: post, page, RSS, The Event Calendar, Woocommerce
- New Giphy integration in the drag and drop editor
- Added the possibility to create custom view for each add-on to override the content inserted in the drag and drop editor
Improvements
Bug fixes
AcyMailing 6.12.1
July 27, 2020
New features
Improvements
Bug fixes
AcyMailing 6.12.0
July 6, 2020
New features
Improvements
Bug fixes
AcyMailing 6.11.1
June 17, 2020
Bug fixes
AcyMailing 6.11.0
June 15, 2020
New features
Improvements
- You can now add a message at the beginning of emails sent as tests
- Better display for the dynamic content insertion options (insertion of site articles in an email for example)
- The emails listing has been re-made: the “Campaigns” menu is renamed to “Emails” and the listing shows four types of email
- The user listing has been improved, the data is displayed in a better way, and you can filter users by subscription
- The email creation has been improved, you can now pre-select the type of email you want to create (campaign / auto / scheduled / welcome / unsubscribe)
- You can now Unsubscribe / re-subscribe for all the lists at a time in the user edition page
- The bounce rule creation page has been improved and a presentation of the bounce handling feature has been added
- New export button on the lists listing to export subscribers
- The custom fields edition page has been redesigned and simplified
- The lists listing page has been improved and more information has been added
- New description field for lists, it will be added on the profile page as a tooltip in a future release
- The user “Source” is now easier to understand
- Cancel buttons added in various locations (import / export / mail edition…)
- New full translation in Japanese, Lithuanian, Spanish
- More translations in Catalan, Czech, Dutch, German, German (Switzerland), Norwegian (Bokmål), Polish, Romanian, Slovenian, Swedish
Bug fixes
AcyMailing 6.10.4
May 13, 2020
Improvements
- PHP 7.4 compatibility
- Much easier way to attach a site with a license in the configuration
- The length of the “Email preview line” option is now limited to 255 characters
- The “Every week on Monday, Friday” trigger now takes the site’s timezone into account in automations and periodic campaigns
- New security added on the custom fields names and unique code generation
- Better custom fields migration from the v5
- The shared servers email addresses are now handled in the bounce handling
- A new “revealonline” CSS class is now available, to hide something in the receiver’s mailbox and show it on the online version
- New full Serbian translation
- Translation update and corrections for Danish, German, Finnish, French, Norwegian, Romanian, Russian, Slovenian, Swedish, Turkish and Ukrainian
Bug fixes
AcyMailing 5.10.14
May 13, 2020
Improvements
Bug fixes
AcyMailing 6.10.2
April 21, 2020
Features
Improvements
Bug fixes
AcyMailing 6.10.1
April 7, 2020
Bug fixes
AcyMailing 6.10.0
April 6, 2020
New features
Improvements
Bug fixes
AcyMailing 6.9.2
March 23, 2020
Fixed a vulnerability on file upload when having admin access to AcyMailing pages. Any wrong file uploaded will be cleaned during the update process.
We strongly recommend updating AcyMailing as soon as possible; more information will be added in the related CVE.
Bug fixes
AcyMailing 6.9
March 9, 2020
Improvements
- The user import choices are now stored
- Greatly improved performance of the click tracking system, emails should be sent much faster
- Added the “hideonline” CSS class on emails. When added on an element, it will be hidden on the archive and “View it online” link
- Added the click statistics on the campaigns listing
- The detailed statistics are now no longer ordered randomly if the sending date is the same for every user
- You can now search multiple words in the dropdown fields (like the mail selection dropdown in the statistics page)
- Improved the “Check database integrity” feature to clean data from some AcyMailing tables, and translate result
- Improved the way custom fields are displayed when inserted in an email, for dropdown, radio and checkbox fields
- The welcome email is now not sent when the user isn’t active
- Better display for the “Send settings” step of campaigns
- Queued emails are now automatically removed for inactive users two days after the sending date
- [addon] New add-on for ICagenda, event insertion and user filter by event subscription
- [addon] Added compatibility with HikaShop 4
- Added multi-language compatibility when inserting articles in emails (for the link applied on the title)
- Tracked links are not processed by the SEF system anymore, for special SEF extension compatibility
- Improved the router for a better compatibility with the Joomla SEF system on unsubscribe and online links, for multi-language sites
- AcyMailing will now instantly know when you have attached your website to your license when trying to update in WordPress
- A better url is used for the “Terms and conditions” post
- Code adaptation for WordPress standards
- Added compatibility with the plugin Schema and structured data for wp
- More translations for Chinese, Norwegian, Romanian, Slovenian
- Full Swedish translation
Bug fixes
AcyMailing 5.10.13
March 3, 2020
Modifications
AcyMailing 6.8
February 3, 2020
New features
Improvements
Bug fixes
AcyMailing 6.7
January 13, 2020
New features
Improvements
- Editor: auto-hide the test zone if the email is successfully sent
- Editor: the title is now added on inserted images
- Editor: when inserting a separator, a new option lets you add some space below and above
- Editor: the drag & drop editor now opens in full screen mode
- Better interface for the “Test” step of the Campaign’s edition page
- Improved the AcyMailing left menu when the window is resized
- Improved the AcyMailing header’s display on small screens and tablets
- “Cancel” buttons have been added on multiple edition pages (List, user, bounce rule, custom field…)
- The add-ons are now ordered alphabetically for an easier search
- Improved performance of style and script loading for each AcyMailing page
- The FontAwesome library isn’t loaded anymore, used fonts are now embedded in AcyMailing to improve the page load speed
- New option in the mail configuration to disable automatic hyphens in paragraphs for sent emails
- New option to show the site’s header on the unsubscribe page
- The “Bounce email address” option is now available in the free version in the “Mail settings” tab of the configuration
- In the bounce handling system, you can now connect to a mailbox using the “Pop3 without imap extension” method
- The “source” is automatically completed when a new AcyMailing user is created
- Automations: added a confirmation when deleting an email in the “Add an email in the queue” action
- Translation improvements: German, French, Hungarian, Norwegian, Russian, Turkish, Ukrainian
- New full translation: Slovenian
Bug fixes
AcyMailing 5.10.12
January 10, 2020
Improvements
Bug fixes
AcyMailing 6.6.0
December 2, 2019
New features
Improvements
- All the add-ons now have options for the automatic campaigns to automatically send the new content to your users
- Better alignment for Follow buttons in Outlook 2007 - 2010
- Better UX for the list’s edition page
- The shown statistics numbers are now consistent in the campaigns listing and the statistics page
- In some mail clients, a 1px border may appear around your emails, this is no longer the case
- The mobile preview has been improved, and there is no more double scrollbar
- The default templates have been remade to include this version’s improvements
- The campaign’s settings are now applied on the dynamic content inserted in your emails (like the site’s articles/posts)
- Improved the campaigns edition page display and removed the hint popup
- Compatibility with the GDPR plugin
- The Add-ons menu is now translated in the Joomla menu
- The “Price text” field is now taken into account in the EventBooking add-on
- New partial translations, imported from AcyMailing 5: Arabic, Bosnian, Bulgarian, Catalan, Chinese, Croatian, Estonian, Finnish, Galician, Hebrew, Icelandic, Indonesian, Japanese, Latvian, Lithuanian, Macedonian, Persian, Serbian, Sindhi, Swahili, Thai, Urdu, Vietnamese, Welsh
Bug fixes
AcyMailing 5.10.11
November 27, 2019
Improvements
Bug fixes
AcyMailing 6.5.0
November 5, 2019
New features
Improvements
Bug fixes
AcyMailing 6.4.0
October 14, 2019
New features
Improvements
Bug fixes
AcyMailing 6.3.1
September 25, 2019
Bug fixes
AcyMailing 6.3.0
September 23, 2019
New features
Improvements
Bug fixes
AcyMailing 6.2.2
August 30, 2019
This is a patch release to address a security issue on the file upload custom field. We highly recommend updating to v6.2.2 as soon as possible for websites matching all of the following conditions:
- The Enterprise edition of AcyMailing is used
- The version 6.2.0 or 6.2.1 is used
- A “File” custom field is created and visible for the users in a front-end subscription form (the module on Joomla or the widget on WordPress)
- Another custom field, other than a “File” field, must be displayed on the form, in addition to the “Name”, “Email” and “File” fields
If your website doesn’t match one of these conditions it is not affected by the security issue, but we still recommend keeping AcyMailing updated when a new version is available.
AcyMailing 5.10.10
August 28, 2019
Improvements and bug fixes
AcyMailing 6.2.1
August 27, 2019
Improvements and bug fixes
AcyMailing 6.2.0
August 20, 2019
New features and improvements
Bug fixes
AcyMailing 6.1.10
August 5, 2019
Bug fixes
AcyMailing 5.10.9
July 31, 2019
Improvements
Bug fixes
AcyMailing 6.1.9
July 30, 2019
New features
Improvements
Bug fixes
AcyMailing 6.1.8
July 15, 2019
There aren’t many modifications in this version, but it had to be released as the “Send settings” step of the campaigns edition workflow could be blocked in some cases when scheduling the campaign, saving as draft, then returning to this step.
Modifications
AcyMailing 6.1.7
July 8, 2019
Improvements
Bug fixes
Integrations
AcyMailing 6.1.6
June 18, 2019
This version is mainly an improvements and maintenance release, focusing on the editor and sent emails.
Improvements
Bug fixes
AcyMailing 5.10.8
June 18, 2019
Improvements
Bug fixes
Plugins
AcyMailing 6.1.5
June 3, 2019
Features
Improvements
Bug fixes
AcyMailing 6.1.4
April 23, 2019
Features
Improvements
Bug fixes
AcyMailing 6.1.3
April 2, 2019
AcyMailing 5.10.7
March 25, 2019
AcyMailing 5.10.6
March 18, 2019
AcyMailing 6.1.2
March 11, 2019
AcyMailing 6.1.1
February 13, 2019
AcyMailing 6.0.4
February 6, 2019
AcyMailing 5.10.5
January 10, 2019
AcyMailing 6.0.3
January 9, 2019
AcyMailing 6.0.2
December 17, 2018
AcyMailing 6.0.1
November 28, 2018
AcyMailing 6 Beta
November 19, 2018
AcyMailing 6 Alpha 3
October 2, 2018
AcyMailing 6 Alpha 2
August 29, 2018
AcyMailing 6 Alpha 1
August 22, 2018