CVE-2026-2025
HIGH EXPLOITED NUCLEI
Mail Mint WordPress Plugin <1.19.5 - Info Disclosure
Title source: llm
Exploitation Summary
CVE-2026-2025 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoints, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog.
Nuclei Templates (1)
Mail Mint < 1.19.5 - Unauthenticated Email Disclosure
HIGH VERIFIED by 0x_Akoko
FOFA: body="/wp-content/plugins/mail-mint/"
References (1)
Core References
https://wpscan.com/vulnerability/1b815cde-cd9d-46fa-a6ab-3d2851705e7b/ (Third Party Advisory, exploit, vdb-entry, technical-description)
Scores
CVSS v3: 7.5
EPSS: 0.2881
EPSS Percentile: 96.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
VulnCheck KEV: 2026-04-30
CWE: CWE-200
Status: published
Published: Mar 04, 2026
Tracked Since: Mar 04, 2026