Mail Mint
Monthly
Mail Mint WordPress plugin versions through 1.19.5 exposes sensitive system information to low-privilege authenticated users, enabling retrieval of embedded sensitive data from plugin responses or endpoints. Reported by Patchstack and classified under CWE-497, the flaw requires only a low-privilege WordPress account (PR:L per CVSS vector) over the network with no additional complexity or user interaction. No active exploitation has been confirmed in CISA KEV, and no public exploit code has been identified at time of analysis.
Mail Mint WordPress plugin versions through 1.19.5 exposes sensitive system information to low-privilege authenticated users, enabling retrieval of embedded sensitive data from plugin responses or endpoints. Reported by Patchstack and classified under CWE-497, the flaw requires only a low-privilege WordPress account (PR:L per CVSS vector) over the network with no additional complexity or user interaction. No active exploitation has been confirmed in CISA KEV, and no public exploit code has been identified at time of analysis.