Mail Mint Email Marketing Newsletter Email Automation Woocommerce Emails
Monthly
Time-based SQL injection in the Mail Mint WordPress plugin (versions ≤1.24.2) allows authenticated administrators to extract arbitrary data from the underlying database via the unsanitized 'contact_ids' parameter in the contact management API. Reported by Wordfence, the flaw is rooted in insufficient input escaping and missing prepared statements in the ContactModel and ContactController layers. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, a corrective changeset (3597255) has been committed to the WordPress plugin repository.
Time-based SQL injection in the Mail Mint WordPress plugin (versions ≤1.24.2) allows authenticated administrators to extract arbitrary data from the underlying database via the unsanitized 'contact_ids' parameter in the contact management API. Reported by Wordfence, the flaw is rooted in insufficient input escaping and missing prepared statements in the ContactModel and ContactController layers. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, a corrective changeset (3597255) has been committed to the WordPress plugin repository.