CVE-2026-2025

HIGH NUCLEI

Mail Mint WordPress Plugin <1.19.5 - Info Disclosure

Title source: llm

Description

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog

Nuclei Templates (1)

Mail Mint < 1.19.5 - Unauthenticated Email Disclosure

HIGHVERIFIEDby 0x_Akoko

FOFA: body="/wp-content/plugins/mail-mint/"

References (1)

[Third Party Advisory] https://wpscan.com/vulnerability/1b815cde-cd9d-46fa-a6ab-3d2851705e7b/

Scores

CVSS v3 7.5

EPSS 0.3396

EPSS Percentile 97.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Published Mar 04, 2026

Tracked Since Mar 04, 2026