Skip to main content

Mail Mint Email Marketing Newsletter Email Automation Woocommerce Emails

1 CVEs product

Monthly

CVE-2026-14342 MEDIUM This Month

Time-based SQL injection in the Mail Mint WordPress plugin (versions ≤1.24.2) allows authenticated administrators to extract arbitrary data from the underlying database via the unsanitized 'contact_ids' parameter in the contact management API. Reported by Wordfence, the flaw is rooted in insufficient input escaping and missing prepared statements in the ContactModel and ContactController layers. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, a corrective changeset (3597255) has been committed to the WordPress plugin repository.

WordPress SQLi Mail Mint Email Marketing Newsletter Email Automation Woocommerce Emails
NVD
CVSS 3.1
4.9
EPSS
0.3%
EPSS 0% CVSS 4.9
MEDIUM This Month

Time-based SQL injection in the Mail Mint WordPress plugin (versions ≤1.24.2) allows authenticated administrators to extract arbitrary data from the underlying database via the unsanitized 'contact_ids' parameter in the contact management API. Reported by Wordfence, the flaw is rooted in insufficient input escaping and missing prepared statements in the ContactModel and ContactController layers. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, a corrective changeset (3597255) has been committed to the WordPress plugin repository.

WordPress SQLi Mail Mint Email Marketing Newsletter Email Automation Woocommerce Emails
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy