Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data.
This issue affects Mail Mint: from n/a through 1.19.5.
AnalysisAI
Mail Mint WordPress plugin versions through 1.19.5 exposes sensitive system information to low-privilege authenticated users, enabling retrieval of embedded sensitive data from plugin responses or endpoints. Reported by Patchstack and classified under CWE-497, the flaw requires only a low-privilege WordPress account (PR:L per CVSS vector) over the network with no additional complexity or user interaction. No active exploitation has been confirmed in CISA KEV, and no public exploit code has been identified at time of analysis.
Technical ContextAI
Mail Mint is a WordPress email marketing and automation plugin developed by WPFunnels Team, identified by CPE cpe:2.3:a:wpfunnels_team:mail_mint:*:*:*:*:*:*:*:*. The root cause is CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere - a class of vulnerability where internal system data (such as API keys, configuration tokens, internal paths, or environment metadata) is embedded in responses or accessible via plugin endpoints without adequate authorization enforcement. In WordPress plugin contexts, this frequently manifests as REST API endpoints or AJAX handlers that return privileged data to any authenticated user regardless of their role, bypassing WordPress capability checks. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) confirms the flaw is network-reachable, low complexity, and scope-unchanged, with partial confidentiality impact only.
RemediationAI
Update Mail Mint to a version beyond 1.19.5 by checking the WordPress plugin repository or the official Patchstack advisory at https://patchstack.com/database/wordpress/plugin/mail-mint/vulnerability/wordpress-mail-mint-plugin-1-19-5-sensitive-data-exposure-vulnerability for the confirmed patched release version, as no specific fix version number is confirmed in currently available data. If an immediate update cannot be applied, a targeted compensating control is to restrict WordPress user registration to trusted individuals only - this directly reduces the pool of potential authenticated exploiters, though it may affect intended site functionality. Administrators should also audit Mail Mint's REST API and AJAX endpoints for responses containing configuration data or credentials, and consider temporarily disabling the plugin on installations where untrusted authenticated users have access until patching is complete. Disabling the plugin eliminates the attack surface but also removes email marketing functionality.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31249
GHSA-8f6f-c3jm-3762