Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Admin credentials required (PR:H); time-based SQLi reads only (C:H, I:N, A:N); network-accessible admin API with no complexity barrier (AV:N, AC:L).
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Mail Mint - Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contact_ids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
AnalysisAI
Time-based SQL injection in the Mail Mint WordPress plugin (versions ≤1.24.2) allows authenticated administrators to extract arbitrary data from the underlying database via the unsanitized 'contact_ids' parameter in the contact management API. Reported by Wordfence, the flaw is rooted in insufficient input escaping and missing prepared statements in the ContactModel and ContactController layers. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated session with WordPress administrator-level privileges or above (PR:H per CVSS), meaning the attacker must either possess valid admin credentials, have compromised an administrator account, or operate as a malicious insider with admin rights. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) yields a medium score of 4.9, which accurately captures the primary limiting factor: exploitation requires administrator-level WordPress credentials (PR:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with administrator credentials authenticates to a WordPress site running Mail Mint ≤1.24.2, then sends a crafted POST request to the admin contact API endpoint with a malicious contact_ids payload embedding a time-delay SQL expression. By measuring response latency for true/false conditions, the attacker iterates through database contents - extracting WordPress user table hashes, WooCommerce order data, or subscriber PII - character by character. … |
| Remediation | Update the Mail Mint plugin to a version beyond 1.24.2. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42545
GHSA-r8xv-jhv9-6h7f