Mail Mint
by WordPress
Source repositories
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2025 | Hig | 0.51 | 7.5 | 0.01 | Mar 4, 2026 | The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog | ||
| CVE-2026-23541 | Hig | 0.49 | 7.5 | 0.00 | Feb 19, 2026 | Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through <= 1.19.4. | ||
| CVE-2025-59570 | Hig | 0.49 | 7.6 | 0.00 | Sep 22, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: from n/a through <= 1.18.6. | ||
| CVE-2025-58604 | Hig | 0.49 | 7.6 | 0.00 | Sep 3, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: from n/a through <= 1.18.5. | ||
| CVE-2025-47541 | Hig | 0.49 | 7.5 | 0.00 | May 23, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint mail-mint allows Retrieve Embedded Sensitive Data.This issue affects Mail Mint: from n/a through <= 1.17.7. | ||
| CVE-2025-11967 | Hig | 0.40 | 7.2 | 0.00 | Nov 8, 2025 | The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with… | ||
| CVE-2026-27349 | Med | 0.28 | 4.3 | 0.00 | May 21, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5. | ||
| CVE-2026-1447 | Med | 0.28 | 5.4 | 0.00 | Feb 3, 2026 | The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update… | ||
| CVE-2026-1258 | Med | 0.25 | 4.9 | 0.00 | Feb 14, 2026 | The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied… |
- risk 0.51cvss 7.5epss 0.01
The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through <= 1.19.4.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: from n/a through <= 1.18.6.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: from n/a through <= 1.18.5.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint mail-mint allows Retrieve Embedded Sensitive Data.This issue affects Mail Mint: from n/a through <= 1.17.7.
- risk 0.40cvss 7.2epss 0.00
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with…
- risk 0.28cvss 4.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5.
- risk 0.28cvss 5.4epss 0.00
The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update…
- risk 0.25cvss 4.9epss 0.00
The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied…