Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (Patchstack) · only source for this CVE.
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through <= 1.2.77.3.
AnalysisAI
Privilege escalation in the MailOptin WordPress plugin (by properfraction) affects all versions up to and including 1.2.77.3, stemming from incorrect privilege assignment (CWE-266). An attacker can obtain elevated privileges within the WordPress site, potentially reaching administrator-level control that yields full confidentiality, integrity, and availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours: inventory all WordPress installations running MailOptin and identify their plugin versions; immediately disable or remove the plugin from production systems if not business-critical. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber - MailOptin plugin for WordPress is vulnerable
Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress. Rated medium s
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor pat
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43425