Skip to main content

Mail Mint CVE-2026-27349

| EUVDEUVD-2026-31249 MEDIUM
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2026-05-21 Patchstack GHSA-8f6f-c3jm-3762
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 09:33 vuln.today

DescriptionCVE.org

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data.

This issue affects Mail Mint: from n/a through 1.19.5.

AnalysisAI

Mail Mint WordPress plugin versions through 1.19.5 exposes sensitive system information to low-privilege authenticated users, enabling retrieval of embedded sensitive data from plugin responses or endpoints. Reported by Patchstack and classified under CWE-497, the flaw requires only a low-privilege WordPress account (PR:L per CVSS vector) over the network with no additional complexity or user interaction. No active exploitation has been confirmed in CISA KEV, and no public exploit code has been identified at time of analysis.

Technical ContextAI

Mail Mint is a WordPress email marketing and automation plugin developed by WPFunnels Team, identified by CPE cpe:2.3:a:wpfunnels_team:mail_mint:*:*:*:*:*:*:*:*. The root cause is CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere - a class of vulnerability where internal system data (such as API keys, configuration tokens, internal paths, or environment metadata) is embedded in responses or accessible via plugin endpoints without adequate authorization enforcement. In WordPress plugin contexts, this frequently manifests as REST API endpoints or AJAX handlers that return privileged data to any authenticated user regardless of their role, bypassing WordPress capability checks. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) confirms the flaw is network-reachable, low complexity, and scope-unchanged, with partial confidentiality impact only.

RemediationAI

Update Mail Mint to a version beyond 1.19.5 by checking the WordPress plugin repository or the official Patchstack advisory at https://patchstack.com/database/wordpress/plugin/mail-mint/vulnerability/wordpress-mail-mint-plugin-1-19-5-sensitive-data-exposure-vulnerability for the confirmed patched release version, as no specific fix version number is confirmed in currently available data. If an immediate update cannot be applied, a targeted compensating control is to restrict WordPress user registration to trusted individuals only - this directly reduces the pool of potential authenticated exploiters, though it may affect intended site functionality. Administrators should also audit Mail Mint's REST API and AJAX endpoints for responses containing configuration data or credentials, and consider temporarily disabling the plugin on installations where untrusted authenticated users have access until patching is complete. Disabling the plugin eliminates the attack surface but also removes email marketing functionality.

Share

CVE-2026-27349 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy